The security improvements of unikernels may be overstated. Look at the announcement, last week, of installing malware on LTE/3G modems built into laptops and tablets [1]. As Rich Murray pointed out in his comment on the subject in SANS Newsbites - these modems are a thing, an appliance, in the Internet of Things. The ability to fix these things is necessary to the developers of the things.
Unikernels, with configuration baked in, will have similar needs. In the case of unikernels, editing of configuration inputs and recompiling/linking will be required instead of a manufacturer's backdoor to update firmware. The development environment to make those configuration changes must be virtually close to the hypervisor runtime environment of the unikernel. That means the development environment will be a target. Of course, the real target will be the unikernel VMs that are poorly configured. The unikernel is the ultimate reaction to the exploit - but it does nothing for attacks that simply use the system as designed to do the attacker's bidding.

[1] http://www.computerworld.com/article/2968274/security/internal-lte3g-modems-can-be-hacked-to-help-malware-survive-os-reinstalls.html

Ray Parks
Consilient Heuristician/IDART Old-Timer
V: 505-844-4024 M: 505-238-9359 P: 505-951-6084

On Aug 11, 2015, at 1:06 PM, Parks, Raymond wrote:

> And, like so many trends in computers, we return to the past. This time, to
> VM and CMS.
>
> Ray Parks
> Consilient Heuristician/IDART Old-Timer
> V: 505-844-4024 M: 505-238-9359 P: 505-951-6084
> NIPR: [email protected]
> SIPR: [email protected] (send NIPR reminder)
> JWICS: [email protected] (send NIPR reminder)
>
> On Aug 11, 2015, at 11:38 AM, Marcus Daniels wrote:
>
>> And don't overlook the fine work done in the Northwest..
>>
>> http://galois.com/project/halvm/
>>
>> ..and in fact going back some time..
>>
>> http://www-spin.cs.washington.edu/
>>
>> -----Original Message-----
>> From: Friam [mailto:[email protected]] On Behalf Of glen ep ropella
>> Sent: Tuesday, August 11, 2015 11:32 AM
>> To: Complexity Coffee Group
>> Subject: [FRIAM] unikernels?
>>
>> Life in a Post-Container World and Why Linux Will Play a Diminished Role
>> http://thenewstack.io/life-post-container-world/
>>
>> Unikernels: Rise of the Virtual Library Operating System
>> http://queue.acm.org/detail.cfm?id=2566628
>>
>> Luckily, Marcus introduced me to ocaml a long time ago, otherwise I'd feel
>> even more out of touch than I already do.
>>
>> --
>> glen ep ropella -- 971-255-2847
>>
>> ============================================================
>> FRIAM Applied Complexity Group listserv
>> Meets Fridays 9a-11:30 at cafe at St. John's College
>> to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
