Hi all, I'm happy to announce that our ACM SoCC 2018 paper entitled "Unikernels as Processes" is now publicly available at https://dl.acm.org/citation.cfm?id=3267845.
The paper by Dan and Ricardo of IBM Research, Nikhil of BITS Pilani and myself presents the central tenet that the host attack surface/TCB of a Linux seccomp-sandboxed unikernel is comparable to, or, depending or your evaluation metric, better than that of hardware virtualization sandbox. Dan & Ricardo's implementation of a seccomp tender for Solo5 is available today as part of the "nabla containers" project at https://github.com/nabla-containers/solo5. I plan to work together with Dan & Ricardo on upstreaming this code to Solo5 next month. Regards, -mato
