GoodBye Linux : the next OS
The server operating system has not changed in 50 years
Our current server operating systems have not changed in 50 years and do not reflect modern-day concerns for managing servers and cyber-security. They are still built for multiple users running multiple programs, leaving large spaces open for targeted cyber attacks.
The future is unikernels
A unikernel is an application that has been boiled down to a small, secure, light-weight virtual machine, eliminating the general-purpose operating system such as Linux or Windows. Unikernels aim to be a much more secure system than Linux. They do this through several thrusts: not having the notion of users, running a single process per VM, and limiting the amount of code that is incorporated into each VM. This means that there are no users and no shell to log in to and, more importantly, you can’t run more than the one program you want to run inside.
Unikernels are provisioned directly on the hypervisor without a traditional system like Linux, so you can run 1000X more VMs per server.
Compared to Linux, the unikernel has only a tenth of 1% of the attack surface. So in the case of a unikernel, sysdig, tcpdump and mysql-client are not installed, and you can’t just “apt-get install” them either; an attacker would have to bring them along with the exploit. To take it further, even a simple cat /etc/hosts or a grep of /var/log/nginx/access.log simply won’t work: once again, they are separate processes.
So unikernels are highly resistant to remote code execution attacks, and more specifically to shell code exploits.
Open Source unikernel projects:
So what? Try Deploying Nanos Node.JS Unikernels to AWS and start exploring...
Thanks for reading :)