"Virtualization, containers, and unikernels are the fundamental technologies that enabled the widespread use of the cloud; therefore, a comparison of their security isolation characteristics is necessary to understand the potential threats. Each of these technologies contains subtle differences in the methodology and software architecture to provide secure isolation between guests. All 3 of these technologies commonly provide the same functionality with varying degrees of overhead; however, the security isolation is based on a vastly different approach. This report first gives the background of each of these technologies followed by the security isolation aspects of each technology. A suggestion on metrics to further evaluate security characteristics of each technology is proposed to guide future evaluations."
ARL-TR-8029; Army Research Lab Technical Report 8029
Government Publishing Office: https://www.gpo.gov/