We have finally gotten around to documenting all of the security features that make Unikraft and exciting platform for those interested in security work and secure deployments.
We have split the document into 1). features that are intrinsic to Unikraft (e.g., minimal attack surface), 2). those that exist in mainstream OSes and have been sorely missing from many previous unikernel projects; and, 3). advanced features that allow each Unikraft to isolate libraries into secure compartments.
Please have a read here and drop us a line on our Discord security channel.
Feel free to ask questions, report issues, and meet new people.