March/April 2019
NO USERS
Unikernel architecture does not have the concept
of users and passwords, because it does not need them.
Most server and device systems deployed today have
this concept because many are still using
40- to 50-year-old operating system designs, from a time when
computers filled entire walls and cost $500,000 a pop.
However, this concept is not relevant anymore,
and it is a large reason why there are still so many
attacks on these systems today. Consider this analogy.
When a patient asks a doctor why their foot hurts when
they repeatedly hit it, the doctor says, “stop doing
that.” Unikernels state the obvious by saying “let’s stop
doing that” as well.
NO SHELLS
A shell is a tool that engineers use to poke and
prod at systems. However, it is not something that is
wanted when deploying tens, hundreds or thousands of
devices. After all, technicians or engineers are not
going to pop into these devices if they are acting up;
that is not scalable. Once again, shells are just not
present in unikernel systems, and their absence stops
a wide range of attacks.
The botnets previously mentioned all rely on
this concept too.
REDUCED ATTACK SURFACE
Unikernels have a dramatically reduced attack
surface. Popular operating systems that sit on edge
systems today, such as Linux, have a kernel — the
core of the system — weighing in at a whopping
15 million lines of code with thousands of libraries.
Ubuntu/Debian and other distributions of Linux
add to this weight and can clock in at 50 million
lines of code. Some unikernel-based systems are so
small, they are in the tens of thousands of lines of
code; at that number provably correct systems can
be created.
CLOSING REMARKS
Edge computing is clearly transforming intelligent
buildings as it seeks to make things like HVAC,
alarms, fire systems and life safety systems more
intelligent. The challenge is in how to install all
these new computing capabilities, like machine
learning, in a secure and manageable way, because
the methods that are being used today might create
value in one direction yet steal that value from
another direction.
Please do not build intelligent buildings with
dumb security.
AUTHOR BIOGRAPHY: Ian Eyberg is CEO of NanoVMs.
A self-taught expert in Computer Science, specifically operating
systems and mainstream security, Eyberg is dedicated to
initiating a mass-upgrading of global software infrastructure,
which for the most part is based on 40-year-old technology.
Prior to cracking the code of unikernels and developing
a commercially viable solution, Eyberg was an early engineer
at Appthority, an enterprise mobile security company. He also
worked for Bluff.com doing poker analytics and studied
Computer Science at the University of Missouri-Rolla.
Ian can be reached at ian@nanovms.com.