A Common Code Base and Toolkit for Deployment

The problem • We are in Dev. Ops era • quickly developing, upgrading and deploying applications is at the core of the new IT industry • Software is more and more massively running on shared hardware • efficiency but also need for isolation, lightweight sw image footprints, fast boot, etc. • Standard VMs can be heavy load (image size, excessive memory and disk space, long boot time) • Containers are faster, but offer poor isolation UNIKERNELS (lightweight VM) can be the solution © 2019 UNICORE

Unikernels‘ Potential ▌Fast instantiation, destruction and migration time l 10 s of milliseconds or less (and as little as 2. 3 ms) (Ligth. VM [Manco SOSP 2017], Jitsu [Madhvapeddy, NSDI 2015]) ▌Low memory footprint l Few MBs of RAM or less (Click. OS [Martins NSDI 2014]) ▌High density l 8 k guests on a singlex 86 server (Ligth. VM [Manco SOSP 2017]) ▌High Performance l 10 -40 Gbit/s throughput with a single guest CPU (Click. OS [Martins NSDI 2014], Elastic CDNs [Kuenzer VEE 2017]) ▌Reduced attack surface l Small trusted compute base l Strong isolation by hypervisor © 2019 UNICORE

The (Big) Downside with Unikernels • Today, each optimized unikernel is manually built • Image build takes several months or longer • Wash, rinse, repeat for each target application • Need for significant expert resources on OS, computer systems, kernel, etc.

UNICORE in a nutshell UNICORE is developing tools to enable lightweight VM development to be as easy as compiling an app for an existing OS UNICORE will release an open-source toolchain to enable secure and portable unikernel development • Developing unikernel based applications will be reduced to slight changes in the app Makefile, choosing from a menu of available implementations for the required system functionality, and compiling the app UNICORE can unleash the use of next generation of cloud computing services and technologies © 2019 UNICORE

The Unicore Toolkit Decomposition tool to assist developers in breaking existing monolithic software into smaller components. Dependency analysis tool to analyze existing, unmodified applications to determine which set of libraries and OS primitives are absolutely necessary for correct execution. Automatic build tool to match the requirements derived by the dependency analysis tools to the available libraries constructed by the OS decomposition tools. Verification tool to ensure that the functionality of the resulting, specialized OS+application matches that of the application running on a standard OS. The tools will also take care of ensuring software quality. Performance optimization tool to analyze the running specialized OS+application and to use this information as input to the automatic build tools so that they can generate even more optimized images.

Project Objectives • Objective 9: Foster Market Adoption for Unikernels • Objective 10: Time-to-Market Reduction for Secure Software Development and Deployment Impact achievement Use Cases • Objective 5: Efficient Serverless Computing in Clouds • Objective 6: Efficient and Secure NFV Deployment • Objective 7: Privacy-aware, Cheap Io. T Platform Cloud Offloading • Objective 8: Secure, Deterministic Smart Contracts Unikernel toolchain • Objective 1: Fine-Grained OS Decomposition and Code Re-use • Objective 2: Automated, Multi-platform Unikernel Construction • Objective 3: Automated Unikernel Verification, Security and Safety • Objective 4: Automated Unikernel Performance Optimization © 2019 UNICORE

Work breakdown WP 1: Project Management WP 3: Core Implementation WP 4: Toolstack Implementation WP 5: Unikernels in Practice Home Serverless computing automation/Io. T – lambda services NFV/MEC/RAN virtualization Smart contracts WP 6: Exploitation and Dissemination WP 2: Platform Design and Evaluation dissemination Industrial exploitation H 2020 projects Open source © 2019 UNICORE

UNICORE Use Case Serverless Computing for novel cloud platforms • Rationale: Current implementations of serverless computing platforms either use containers (being thus insecure) or rely on full blown VMs which makes them highly inefficient (e. g. Amazon EC 2’s lambda services) • Goal: Use UNICORE technology and APIs to enable novel serverless computing • Develop a lambda services offering based on UNICORE and execute trial in Barcelona, providing services (web crawling and video transcoding functions) to citizens and especially to the university and research community • Integrate unikernels in Packet. Cloud, an edge serverless computing platform developed by Correct Networks, and use UNICORE tools to develop a unikernel to run lambda functions written in Node. js • Target TRL: 7 -8

UNICORE Use Case Efficient, Secure Network Function Virtualization • Rationale: The holy grail of a Network Function Virtualization (NFV) implementation is the ability to dynamically provision network components, services and applications in a matter of minutes rather than the weeks or months it takes to do so now • Goal: With boot-times in the order of milliseconds, unikernels will provide disrupting NFV solutions • Universal CPE. Use UNICORE tools to develop a footprint optimized virtual router (v. CPE) and micro-services (such as DHCP servers, NAT or probes) running on lightweight virtual machines that offer good performance, while offering strong isolation and tangible security guarantees • Broadband Network Gateway for wired Internet access. Upgrade from a monolithic approach using Linux on the Broadband Network Gateway (BNG) to one with unikernel VMs with each Pointto-Point Protocol over Ethernet (PPPo. E) session running in a separate unikernel VM (disaggregated BNG) • Wireless 5 G v. RAN NFV Clusters. Ports 4 G and 5 G control plane (Layer 3) v. RAN VNFs to Unikernels to target real world 5 G testbeds. Additionally, MEC apps and user plane VNFs will be experimented evaluated for similar commercial deployments • Target TRL: 8

UNICORE Use Case Internet of Things • Rationale: Offloading Io. T platform controllers to the cloud is not a new area, yet valid privacy concerns raised by clouds run in different jurisdictions hamper offloading, forcing Io. T systems to install hardware in the home to control Io. T devices, and reducing economic efficiency • Goal: Migrate to unikernels a selected set of application services from commercial “digital living” platforms currently deployed in VMs and containers • Symphony Io. T platform by Nextworks. Use UNICORE tools to develop unikernels for home and building automation, data storage and analytics, media services and voice/video communications. • Use Packet. Cloud serverless computing functions to develop a proof-of-concept Io. T controller • Target TRL: 7

UNICORE Use Case Smart Contracts • Rationale: The main challenges for smart contracts in a blockchain environment are ensuring deterministic execution support because all participants need to be able to verify the result of a smart contract; safe running of untrusted code, to avoid security issues on the nodes involved in the system; and handling the interaction between smart contracts • Goal: Migrate to unikernels a selected set of application services from commercial “digital living” platforms currently deployed in VMs and containers • Create a permissioned blockchain called skipchain that includes precompiled smart contracts, but that lacks so far the possibility to run smart contracts provided by the users. • Target TRL: 7

Consortium Host infrastructure in support of unikernels (containers, VMs) WP 4 leader Microlibraries, build system, performance tools Technical Coordinator & WP 3 leader Deterministic execution support, smart contracts use case Testbeds/infrastructure, tools integration, serverless use case WP 2 leader Serverless / Io. T use cases Microlibraries, APIs, security primitives, performance tool System reqs, NFV use case (5 G v. RAN) Systems security and safety primitives Home automation / Io. T use case WP 6 leader Symbolic execution, deterministic execution, NFV use case Project Coordinator NFV use cases, industrial exploitation NFV use case © 2019 UNICORE

info@unicore-project. eu @unicore_project www. linkedin. com/groups/8752067 This project has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 825377 © 2019 UNICORE