UNICORE: A toolkit to automatically build unikernels

Recent years have seen the IT industry move massively towards the use of virtualization for the deployment of applications. However, the two most prominent virtualization technologies, i.e. virtual machines (VMs) and containers, both present serious drawbacks. Full-blown VMs provide a good level of isolation, but are generally heavyweight. On the other hand, containers are generally more lightweight, but offer less isolation and thus a much greater attack surface.
Unikernels have been proposed to virtualize applications in a way that is both safe, and efficient. They are specialized operating systems, tailored for a specific application, which allows to build minimalist VMs with tiny memory footprints. They keep the in- creased security of VMs, but with performance equivalent to or even better than equivalent containers. Unfortunately, porting an application to the unikernel paradigm currently requires expert knowledge, and can be very time-consuming.
In this paper, we introduce UNICORE, a common code base and toolkit to automate the building of efficient unikernels from existing off-the-shelf applications. Although UNICORE is still in the early stages, we present early results showing that UNICORE images are able to yield performance similar or better than lightweight virtualization technologies such as containers.