A Fresh Look at the Architecture and Performance of Contemporary Isolation Platforms

by Vincent van Rijn, et al.

With the ever-increasing pervasiveness of the cloud computing paradigm, strong isolation guarantees and low performance overhead from isolation platforms are paramount. An ideal isolation platform offers both: an impermeable isolation boundary while imposing a negligible performance overhead. In this paper, we examine various isolation platforms (containers, secure containers, hypervisors, unikernels), and conduct a wide array of experiments to measure the performance overhead and degree of isolation offered by the platforms. We find that container platforms have the best, near-native, performance while the newly emerging secure containers suffer from various overheads. The highest degree of isolation is achieved by unikernels, closely followed by traditional containers.




Enclave-Aware Compartmentalization and Secure Sharing with Sirius

Hardware-assisted trusted execution environments (TEEs) are critical bui...

SERVAS! Secure Enclaves via RISC-V Authenticryption Shield

Isolation is a long-standing challenge of software security. Traditional...

Secure System Virtualization: End-to-End Verification of Memory Isolation

Over the last years, security kernels have played a promising role in re...

RunPHI: Enabling Mixed-criticality Containers via Partitioning Hypervisors in Industry 4.0

Orchestration systems are becoming a key component to automatically mana...

Effect of boundary conditions on a high-performance isolation hexapod platform

Isolation of spacecraft microvibrations is essential for the successful ...

Enumerating Isolated Cliques in Temporal Networks

Isolation has been shown to be a valuable concept in the world of clique...

Dynamic Process Isolation

In the quest for efficiency and performance, edge-computing providers el...