3

Today, I searched for includeOS and I found that it defines itself as a minimal unikernel.

I am wondering what a unikernel is. The Wikipedia explanations are not clear enough to me.

Is a unikernel an operating system incorporated with a single application for a special purpose, similar to embedded systems?

ar2015
  • More like a single-process operating system where you can specify the features you want to be compiled into it. This reduces the attack surface by limiting the number of services running to only those you really need or want and eliminating those you don't want, shrinking the size of the OS build as a nice bonus. – Robert Harvey Apr 14 '18 at 03:45
  • I actually had to look it up because I hadn't heard this term before, but then I realized it is just a new name for what used to originally be called *exokernel* and then *library OS*. So, that's what it is: it's just a new name for exokernel / library OS. – Jörg W Mittag Apr 14 '18 at 07:25
  • @JörgWMittag, it seems they are not the same. Search for "exokernel vs unikernel". I got [this](https://news.ycombinator.com/item?id=9846452). – ar2015 Apr 14 '18 at 10:18
  • @ar2015 - that doesn't really seem such an important distinction, though. I mean, going under the same definition, [FreeRTOS](https://www.freertos.org/) is also a unikernel (again, highlighting the similarity to an embedded system) because it's intended for use in situations where you only have one application running. – Jules Apr 14 '18 at 12:57
  • `unikernel` := `single_purpose` – Thomas Junk Apr 16 '18 at 08:12

2 Answers

4

A Unikernel is a special type of Library OS. A library OS offers all of its functionality as libraries, typically linked into the application at compile time.

The distinction is not really clear, but originally, when Anil Madhavapeddy coined the term Unikernel, he meant a single-threaded application, with everything running in a single address space, using a library operating system created in a high-level, type-safe language, running on a hypervisor.

It should be noted that the IncludeOS project doesn't strictly adhere to the definition. It is written in C++, which isn't type-safe; it supports multiple CPU cores and threads, and it boots on bare-metal hardware.

I've heard Anil characterize IncludeOS as a Unikernel so I guess he isn't too strict about it.

The motivations for writing your application using a Unikernel vary, but mostly they are footprint (unikernels are tiny), performance (function calls are faster than system calls) and security.

The gains in security come from the nature of Unikernels. Unikernels are built to be immutable. So if you are building a virtual firewall appliance with a Unikernel, the firewall rules should be code and the firewall hardcoded to execute exactly that ruleset. This is as opposed to a traditional monolithic kernel, where all the configuration is dynamic.

Unikernels aren't meant to be reconfigured. They are meant to be replaced. So they don't have the features to support reconfiguration, which makes them hard to exploit.

perbu
  • "C++17 which is a low level language", did you mean high level? – ar2015 Apr 14 '18 at 10:15
  • Could you please also answer these questions? 1- Does the application run in Ring0? 2- Is it safer just because of reduction of attack surface? – ar2015 Apr 14 '18 at 10:16
  • There. I meant type-safe. – perbu Apr 14 '18 at 10:18
  • I have never heard that `c++17` is less type safe than previous versions. Based on which references do you call it not type-safe? – ar2015 Apr 14 '18 at 12:35
  • @ar2015 - it's all a matter of degree. C++, like C, allows operations that are not typesafe, e.g. converting a pointer to one type of object into a pointer to another type. Many languages do not provide such facilities. In the latter kind, assuming that the language is correctly implemented, it is possible to make useful guarantees about the safety of the system *without needing hardware level protection* (e.g. the use of multiple rings in 80x86 systems). This is useful [for a variety of reasons](https://pdfs.semanticscholar.org/d3d8/0152105d47a82935595dbf883828e801c349.pdf)... – Jules Apr 14 '18 at 13:09
  • ... but the existence of unsafe operations in C++ makes such guarantees impossible for a system developed in that language, and means that it is hard to make reliability guarantee for such systems. – Jules Apr 14 '18 at 13:09
  • I think it is important whether C++17 is unsafe or not. I still didn't realize the reasons behind how C++17 is not type safe. – ar2015 Apr 14 '18 at 13:24
  • @ar2015 In short: casts. – Jörg W Mittag Apr 14 '18 at 18:33
  • @ar2015: More precisely, casts break type-safety, unrestricted pointer arithmetic and casts from numbers to pointers break pointer-safety and memory-safety. – Jörg W Mittag Apr 14 '18 at 21:18
  • @JörgWMittag, So this is a C++ related problem rather than C++17. Isn't it? – ar2015 Apr 15 '18 at 03:08
  • @ar2015, yes. It's C++, not C++17. However, all operating systems have a layer facing the hardware that is not type-safe. Hardware isn't type safe. In other unikernels there is typically a layer of asm or C that glues the kernel to the hardware. – perbu Apr 15 '18 at 16:46
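As an added illustration of the "firewall rules should be code" point in the answer above (example code written here, not IncludeOS's own; the `Packet` layout, `Rule` fields and the sample ruleset are constructed for the example), a C++17 packet filter whose policy is a compile-time constant rather than a mutable table:

```cpp
// Added example, not IncludeOS code: firewall rules expressed as immutable
// compile-time data, with no runtime API to add, remove or edit them.
#include <array>
#include <cstdint>

enum class Action : std::uint8_t { Drop, Accept };

struct Packet {
    std::uint32_t src;    // IPv4 source address, host byte order
    std::uint16_t dport;  // destination port
    std::uint8_t  proto;  // 6 = TCP, 17 = UDP
};

struct Rule {
    std::uint32_t net;    // source network to match
    std::uint32_t mask;   // 0 = match any source
    std::uint16_t dport;  // 0 = any port
    std::uint8_t  proto;  // 0 = any protocol
    Action action;
    constexpr bool matches(const Packet& p) const {
        return (p.src & mask) == (net & mask)
            && (dport == 0 || p.dport == dport)
            && (proto == 0 || p.proto == proto);
    }
};

constexpr std::uint32_t ip(std::uint8_t a, std::uint8_t b,
                           std::uint8_t c, std::uint8_t d) {
    return (std::uint32_t(a) << 24) | (std::uint32_t(b) << 16)
         | (std::uint32_t(c) << 8) | std::uint32_t(d);
}

// Constructed sample policy: first match wins, last entry is the default deny.
// Changing it means rebuilding and redeploying the image.
constexpr std::array<Rule, 3> kRules{{
    {ip(10, 0, 0, 0), ip(255, 0, 0, 0),  22, 6, Action::Accept},  // SSH from 10/8
    {ip(0, 0, 0, 0),  ip(0, 0, 0, 0),   443, 6, Action::Accept},  // HTTPS from anywhere
    {ip(0, 0, 0, 0),  ip(0, 0, 0, 0),     0, 0, Action::Drop},    // default deny
}};

// A misordered ruleset fails the build instead of shipping.
static_assert(kRules[kRules.size() - 1].action == Action::Drop
              && kRules[kRules.size() - 1].mask == 0,
              "last rule must be a catch-all Drop");

constexpr Action filter(const Packet& p) {
    for (const Rule& r : kRules)
        if (r.matches(p)) return r.action;
    return Action::Drop;  // unreachable given the static_assert above
}
```

Nothing in the image can mutate `kRules`; on a traditional firewall the rule-management interface that does that is itself part of the attack surface.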
1

"Embedded" does not specify the software architecture, it merely implies software and hardware are packaged together and inseparable from the user's point of view.

In most modern computer systems you would have a processor that allows the first program that runs on it (the OS) to take control over it and then, using that acquired hardware control, allow other programs to run with limited possibilities. It is like a janitor entering a building, grabbing the keys to all the rooms and taking a seat at the facilities control panel. Then he waits for tenants or guests to come in and allows them limited access. He himself has no specific purpose other than managing the building. He just sits there monitoring, handing out and taking back keys and eating donuts.

With a unikernel there is just one program with a dedicated purpose. It is not a general purpose system that allows programs to run, it is a one purpose program that does not allow any other program to run on it. Basically, it is an application without an operating system. The application itself controls the machine, having all the power and access it needs.

It is like one person entering an empty hotel, locking the door behind him, starting the facilities he needs, grabbing the keys to the rooms he wants to access and doing his thing.

In software, the unikernel program will be relatively small compared to a general purpose OS plus a single application because it will only contain those services the application will actually use. And that could be beneficial in an embedded context.

Martin Maat
  • Does the application run in Ring0? Is it safe just because of reduction of attack surface? – ar2015 Apr 14 '18 at 09:39
  • @ar2015 There is no reason for it not to, and it would have to because there is nothing else running in ring0. If there were, you would be back at the OS vs applications separation. Ring architecture is to protect different entities against each other. Since in this case there is just one entity, the question of "which ring" is kind of meaningless. It does not matter; whatever ring it runs in, there is nothing else, so it would still be a unikernel system either way. But then again there may be a hypervisor? Ask perbu! – Martin Maat Apr 14 '18 at 10:55