A Survey on Security Isolation of Virtualization, Containers, and Unikernels

Report No. ARL-TR-8029
Authors: Michael J De Lucia
Date/Pages: May 2017; 18 pages
Abstract: Virtualization, containers, and unikernels are the fundamental technologies that enabled the widespread use of the cloud; therefore, a comparison of their security isolation characteristics is necessary to understand the potential threats. Each of these technologies contains subtle differences in the methodology and software architecture to provide secure isolation between guests. All 3 of these technologies commonly provide the same functionality with varying degrees of overhead; however, the security isolation is based on a vastly different approach. This report first gives the background of each of these technologies followed by the security isolation aspects of each technology. A suggestion on metrics to further evaluate security characteristics of each technology is proposed to guide future evaluations.
Distribution: Approved for public release

Last Update / Reviewed: May 1, 2017