3 min read
Maria Sfiraiala
GSoC'22: Shadow Stack While the previous blog post described the first steps took into the direction of familiarizing myself with Unikraft and an initial attempt to using clang's ShadowCallStack, in this post, we will take a look into some implementations that were tried in the meantime.
4 min read
Xiangyi Meng
The previous post briefly describes the concepts behind TEE, Intel SGX, and the ongoing work that implements Intel SGX support in Unikraft. In this post, we will take an in-depth investigation of how SGX supported is implemented in Linux, and what we need to implement in Unikraft to achieve the same object.
3 min read
Sairaj Kodilkar
The previous blog on the SMP support explained different synchronization primitives for the unikraft. As a part of the next step, I started exploring some of the lockless data structures. There has been an extensive amount of research to optimize this lockless data structure.
8 min read
Sairaj Kodilkar
The Unikraft v0.9.0 introduced the common SMP API, which created the need for synchronization primitives. This project aims to add the SMP safe synchronization premitives as well as remove the race conditions in the kernel.
3 min read
Maria Sfiraiala
GSoC'22: Shadow Stack Objectives While Unikraft provides great security advantages through strong cross-application isolation, traditional means of securing one’s application shouldn’t be overlooked.
Following this idea, we introduce the Shadow Stack, a project which aims to adapt LLVM’s / clang’s Shadow Call Stack to Unikraft’s needs, focusing on the AArch64 architecture.
4 min read
Xiangyi Meng
Trusted execution environment (TEE), especially Intel SGX, is a popular and powerful tool to provide hardware-based isolation for highly sensitive code and data. Today’s commercial clouds (Microsoft Azure DCsv2, DCsv3/DCdsv3 series, IBM Cloud Bare Metal z15 series, and Alibaba Cloud Bare Metal Instance) more or less have provided their support to Intel SGX.
10 min read
We’re excited to announce Unikraft v0.9.0 (Hyperion) and to show off many of the things the community has been working on over the last two months.
In this blog post, we highlight some of the new features available in Unikraft.
1 min read
Razvan Deaconescu
We’re excited to announce that three Unikraft projects will be part of Google Summer of Code, with three students funded during the summer of 2022:
Adding SMP Synchronization
student: Sairaj Kodilkar, from Carleton University, Ottawa, Canada mentors: Marc Rittinghaus, Cristian Vijelie Intel SGX-based Isolation for Unikraft
1 min read
Felipe Huici
We have finally gotten around to documenting all of the security features that make Unikraft and exciting platform for those interested in security work and secure deployments. We have split the document into 1).
1 min read
Felipe Huici
We are extremely proud to have been accepted as an organization for Google Summer of Code 2022 (GSoC'22), a global online program focused on bringing new contributors into open source software development.
2 min read
Alexander Jung
Unikraft will appear at the International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS'22) with both a paper, FlexOS: Towards Flexible OS Isolation, focusing on new security aspects introduced at Unikraft as well as a general introductory workshop to Unikraft to be led by Razvan Deaconescu, Alexander Jung, Hugo Lefeuvre, Vlad Bădoiu, Cristian Vijelie and Pierre Olivier.
3 min read
Alexander Jung
As the new year begins, we’re excited to show off many of the things the community has been working over the last two months. It’s become a tradition now that Unikraft celebrates a new release at FOSDEM'22, and we’ve come a long way since our initial release at FOSDEM'18.
2 min read
Felipe Huici
The open source Unikraft project is proud to announce that its paper titled “Unikraft: Fast, Specialized Unikernels the Easy Way” has not only been accepted at Eurosys, one of the top systems conferences in the world, but that it has been bestowed with the prestigious Best Paper Award.