| With the rapid development and widely use of cloud computing,cloud services keep innovating and actively cater to market demands and changes.In addition to the traditional virtual machine technology and the increasingly mature container technology,the emerging Unikernel technology is also receiving increasing attention.Unikernel is a sealed,single address space,specialized machine image which is formed by linking the library operating system and service application compilation together through a special tool chain.Unikernel is expected to be the next-generation lightweight microservice system architecture beyond Docker container.As a new distributed application solution,micro-service has developed rapidly in the past two years.The features and advantages of Unikernel are suitable for building micro-services running in the cloud environment or embedded Internet of things.However,the Unikernel-based microservice is just an image file stored on the disk before deployment.After running,it is only a normal process on the platform.It is not protected by the operating system or Hypervisor,and is still vulnerable to many traditional attacks,especially image integrity violations.Therefore,the paper proposed a solution to build a trusted Unikernel microservice.Firstly,a trusted Web microservices architecture based on Unikernel is designed.Then measured the integrity about Web microservice by trusted computing technology,including static integrity measurement and dynamic integrity measurement.Finally,the experiment was designed for verification.The function test and performance analysis are carried out on the Xen platform.The experimental results show that the scheme can effectively protect the integrity of the Unikernel-based Web microservice from being destroyed. |
PDF Full Text Request