| Unikernel,based on Lib OS,compiles single application and Lib OS components into VM images,running directly on virtualization platforms such as KVM.It has the advantages of small size,good performance,and can be customized for specific application.It is an attractive operating system design for cloud computing.But a major weakness of Unikernel is the lack of multi-process support.The main reason is that Unikernel adopts a single address space design and runs on a single CPU privilege mode.This greatly reduces the flexibility and applicability of Unikernel.The multiprocess programming model helps applications achieve security and performance scalability.A large number of existing applications,such as Apache,Nginx,and Word Press,all take advantage of the multi-process feature,which makes it harder to migrate them to Unikernel system.Some research work,such as Graphene and Kylinx,provides multi-process feature by using multiple Unikernel instances to simulate processes.This requires modification of external components and is incompatible with existing cloud computing platforms.It also introduces additional high performance overhead.This paper proposes Iso-UniK,a new Unikernel design that provides support for multi-process feature with both functionality and isolation.Based on the existing idea of the Unikernel system,Iso-Uni K has extended the design of page table management,resource management,and process scheduling,providing a solution for the multi-process feature in Unikernel.Iso-Uni K has designed a three-privilege model,and utilizes the latest hard-ware feature Intel MPK,to provide lightweight and effective isolation and security for the multi-process feature in Unikernel.The main contributions of this paper are:· Providing multi-process feature for Unikernel,to help applications utilize the parallel computing power of multi-core processors with security,and achieve performance scalability.· No need to modify external components such as the hypervisor,so it is compatible with existing cloud computing platforms.· Proposing the three-privilege model,and the advantage of Unikernel is utmostly maintained without the need to switch CPU privilege modes.And kernel function calls require only 68 additional CPU cycles.· Designing and implementing multi-process APIs,modifying the compilation process to support existing multi-process applications designed for Linux.· Proposing a design for applying Intel MPK on CPU supervisor mode.This paper implements a prototype system of Iso-Uni K based on the open source Unikernel system OSv,and provides support for existing Linux multi-process applications.The fork()of the multi-process application in Iso-Uni K takes only 66 ?s.Tests show that the multi-process feature and three-privilege model in Iso-Uni K will not harm the performance of application,and can help application utilize the parallel computing power of multicore processors with security and obtain performance scalability. |
PDF Full Text Request