Professional Documents
Culture Documents
Inter-image protection Images can be semi- DoS on other images; ARP spoofing; MAC flooding. DoS and other attacks on images are fea-
honest or malicious and placed port/vulnerability scanning; remote code execution ([ 9], [22], sible. Nevertheless, the isolation provided by ring -1
inside one or different hosts. [23]). (or equivalent) might be used to contain the attack.
Protecting host It is assumed that at least. Attacks on unnecessary services; container escape The h o s t s y s t e m ( hypervisor) r u n s a t a
from images one image is semi-honest or attacks; DoS; data tampering ([9], [22]). higher privilege level, as such the possible attack are
malicious within a host. related to hypervisor vulnera- bilities as in the regular
VM+hypervisor scenarios.
Protecting image Images are honest but the Profiling in-image application activities; unauthored access for Unikernels here have the same issues as
from host host is either semi-honest or image data; changing the image behavior ([22]). containers, unless SGX [25] or similar tech- nology is
malicious used.
Microservices- Each image hosts a single Zip-bomb-like attacks; remote code execution; virus, Unikernels are vulnerable as well, but priv-
like service in a single process. warm, trojan, ransomware; privilege escalation; ac- count ilege escalation is more difficult and it has to resort to
hijacking; network communication tampering ([9]) some kind of hypervisor vulner- ability.
Application Image Using Docker as a way Data leakage; DoS; DoS on other containers; attacks Unikernels are equally vulnerable to third-
Distribution of shipping virtual on the container integrity; privilege escalation; con- trainer escape party image hosting. Only privilege escala- tion is
environments. attacks ([9]) harder (unless some CPU backdoor is leveraged by the
hosted code [26]).
Image Docker integration pro- Data leakage; DoS; DoS on other containers; Zip- Same as above, like containers but
deployment on the vided by the main Cloud bomb-like attacks, remote code execution; virus, warm, trojan, potentially more isolated when deployed.
Cloud Providers. ransomware; privilege escalation; ac- count hijacking; network
communication tampering ([9]).
Image repository Each image has been pro-. Zip-bomb-like attack; remote code execution; virus, Same as above, similar to containers but
vided by a repository through a warm, trojan, ransomware; privilege escalation; data leakage ([9], potentially more isolated when deployed.
distribution process [22], [27]– [30]).
Table III
MOST RELEVANT SCENARIO-DRIVEN ATTACK IDENTIFICATION
Table IV
Cloud Gaming RTOSes and containers fit better as they provide slightly less overhead (read:latency) Low security impact, as attacks would mostly just cause a DoS
Virtual Reality than unikernels in the game being played.
Smart home Containers and unikernels are equivalent, with a small advantage of unikernels for Here the consequences of a successful attack can be more serious
Smart Cities security isolation and an advantage of containers for the ease of setup. RTOSes are e.g., up to the house catching fire or some DoS in the
relevant only for constrained devices surveillance cameras.
E-Health Unikernels have a small advantage over containers due to the increased security Vital is the keyword, as DoSes and malicious soft- ware/device
isolation/resilience that is crucial in this contest. RTOSes could be adopted only in can possibly cause harm to the patient.
some corner case on constrained devices.
NFV Containers and unikernels are roughly equivalent, with a small advantage of unikernels The impact on security is relevant as Malicious/altered software
for security isolation and an advantage of containers for the ease of configuration; might cause relevant DoSes to other applications relying on the
RTOSes are still relevant but suffer from difficult updates network.
VI. DISCUSSION AND FUTURE DIRECTIONS significant DoS attacks or other serious problems that might
call for the re-deployment of devices.
This section compares the supporting technologies provided
in Section III to the real-world use cases introduced in
Reliability, security, and privacy are required for the E-
Health use-case. Unikernels therefore seem to be the most
Section IV. The objective is to comprehend how the use of appropriate option, utilising the smaller attack surface and
these technologies might impact the particular scenario in simplicity of updates, and the performance improvements of
relation to two key factors: performance and security. In RTOSes and unikernels may be left aside. The option that
table IV, the findings of this investigation are enumerated. was just made implies that in order to sustain, develop, and
ensure the success of this technology, increasing amounts of
The issue of security software upgrades is common to all work will be required to streamline image development,
the use-case situations. Deploying security fixes must really upgrading, and administration of unikernels [36].
be made easier and more automated over time since new
vulnerabilities must be fixed often and, ideally, with the least Some thorough examples of the Network Function
amount of delay possible. The flexibility provided by the Virtualization scenario are given below.
extra layers between application images and the hardware
may be used by containers, but even more unikernels, to offer The Domain Name System (DNS), a decentralised
seamless patching. RTOSes can theoretically be upgraded, hierarchical system that provides translation services between
however this procedure often calls for physical access to the users and Internet-connected resources, is the subject of the
hardware and direct involvement. Hence, the scalability of first illustration. The IP address of the requested resource is
software updates is somewhat constrained. given to the user by the DNS server in its conventional
implementation, in accordance with its database. The DNS
As cloud gaming and virtual reality use cases become more and end-user services are two examples of the new class of
prevalent (see the initiatives by Google and others [35]), sophisticated services that may be developed thanks to NFV.
assuring speed is more important than protecting the integrity This technique may be used to operate microservices, which
of the code and data. To maximise this dimension, methods are only operational after a DNS resolution. Jitsu [37], a DNS
like RTOSes and unikernels can be appropriate. On the one server that immediately boots virtualized instances of the
hand, RTOSes, such as proprietary solutions, are often more resource the user has requested, is a nice example. A virtual
expensive and, as was already said, have more difficult machine is immediately started when Jitsu gets a DNS
software upgrades, even though they are suitable for large inquiry, and then the query result is delivered back to the
businesses. A microservices container-like method, on the client. This technique might be implemented at the network's
other hand, might help to reduce the requirement for updates edge, offering effective and scalable on-demand systems that
and could be practical where digital right management is not execute a unique picture for each URL. Performance-wise,
a crucial limitation, such as when verifying the video game's both the container and the unikernel technologies are viable
code integrity for billing purposes. Moreover, using (i.e., boot time). Unikernel images, however, can give a
unikernels would guarantee a smaller attack surface, assisting relatively restricted attack surface when designed properly
in ensuring code integrity, simplicity of updates, and (i.e., by removing any extraneous functionality), which is
acceptable speed (i.e., reduced latency). further reinforced by the separation among services provided
by the hypervisor. As a result, the inability to completely
Robustness and dependability are very important in terms of remove all unwanted/unnecessary code from images is one of
performance and simplicity of updates for the use-case the key problems with unikernels' security. Automated
scenario of Smart Homes and Cities. As a result, using intelligent technologies for picture production are desperately
unikernel technology can be more and more practical, unless needed to achieve this (see also [36]).
the devices in question are so basic and inexpensive that
hardware virtualization support cannot be ensured. Current Another example is the dynamic nature of virtual networks,
bare metal RTOSes may be the only (or most practical) which implies new security requirements that conventional
choice in this latter scenario. Nevertheless, because it is firewalls cannot address for a variety of reasons. First off,
challenging to maintain such gadgets updated, this method conventional firewalls offer reliable protection on
would be more vulnerable to assaults. This may result in predetermined and static network topologies. However, in a
highly dynamic environment where Virtual Machines (VMs)
are scattered and regularly transferred among various [3] "Fog Orchestration for Internet of Things Services," IEEE
network segments, they lack the flexibility and adaptability Internet Computing, vol. 21, no. 2, pp. 16–24, 2017. Z. Wen,
to provide the same security level. Firewalls might be R. Yang, P. Garraghan, T. Lin, J. Xu, and M. Rovat- sos.
deployed as a software instance to alleviate this issue by
removing the reliance on fixed network topology and [4] S. Biookaghazadeh, M. Zhao, and F. Ren, “Are fpgas
supplying the essential adaptability to safeguard virtual suitable for edge computing?” in {USENIX} Workshop on
networks [38]. The differences between containers and Hot Topics in Edge Computing (HotEdge 18), 2018.
unikernels in this use case are minimal. Nevertheless,
because containerization technology may be set up more [5] The OpenFog Consortium's Tech. Rep. from 2017 is
quickly and easily than unikernels, it may be preferred. As titled "Openfog standard architecture for fog computing."
with the prior use-case, it is uncertain if automated, simpler
delta-based image update procedures would enhance the
usability of the Unikernel [36]. [6] The "Cisco IOx Documentation" docs/iox/#!introduction-
to-iox/what-is-iox at developer.cisco.com.
VII. CONCLUSIONS
[7]. The summary of the Intel Fog reference design is at
First, we looked at how the Edge/Fog paradigm relies on https://www.intel.com/content/dam/www/public/us/en/docum
virtualization technologies to deliver the high performance ents/design-guides/fog-reference-design-overview-guide.pdf.
and scalability that are the cornerstones of its success. We
later investigated potential attacks against the most important
[8] “What is a container?”
virtualization technologies. After that, we contextualised
https://www.docker.com/resources/ what-container, 2018.
these dangers into four distinct Edge/Fog Computing
scenarios. We have highlighted the benefits and downsides of
adopting each virtualization technique that has been taken [9] "Docker ecosystem-vulnerability study," Computer
into consideration for each scenario, as well as the potential Communications, vol. 122, pp. 30-43, 2018. A. Martin, S.
consequences of the identified attacks. We have also Raponi, T. Combe, and R. Di Pietro.
suggested some intriguing future research paths and potential
technical advancements. [10] D. Bernstein, “Containers and cloud: From lxc to docker
to kubernetes,” IEEE Cloud Computing, vol. 1, no. 3, pp. 81–
ACKNOWLEDGEMENT 84, 2014.