A Survey of Unikernel Security: Insights and Trends from a Quantitative Analysis
Alex Wollman, John Hastings
TL;DR
This paper examines how security topics are discussed in unikernel research by applying a TF-IDF analysis to 33 papers published between 2013 and 2023. The authors construct a reproducible pipeline: a literature search across IEEE Xplore, ACM DL, and Google Scholar, a documented paper-selection step, and data extraction against a curated list of security terms, with TF, IDF, and TF-IDF computed for both the security terms and the unikernel names. Key findings show SGX and ASLR as the most frequently discussed security terms, while Memory Protection Extensions, Memory Protection Keys, DEP, and CFI appear least often, suggesting underexplored attack surfaces in unikernel security. The study also confirms a shift toward development-oriented unikernel work and shows that TF-IDF alone cannot capture the context in which a term appears (a mechanism that a paper implements and one that it notes as absent count the same), motivating future work that links terms to specific unikernels and applies NLP to capture context and sentiment. The approach provides a generalizable framework for trend analysis in niche security domains, guiding future research toward more comprehensive, context-aware security evaluations in unikernels.
Abstract
Unikernels, an evolution of LibOSs, are emerging as a virtualization technology to rival those currently used by cloud providers. Unikernels combine the user and kernel space into one "uni"fied memory space and omit functionality that is not necessary for their application to run, thus drastically reducing the required resources. The removed functionality, however, is far-reaching and includes components that have become common security technologies such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and Non-executable bits (NX bits). This raises questions about the real-world security of unikernels. This research presents a quantitative methodology using TF-IDF to analyze the focus of security discussions within unikernel research literature. Based on a corpus of 33 unikernel-related papers spanning 2013-2023, our analysis found that Memory Protection Extensions and Data Execution Prevention were the least frequently occurring topics, while SGX was the most frequent topic. The findings quantify priorities and assumptions in unikernel security research, bringing to light potential risks from underexplored attack surfaces. The quantitative approach is broadly applicable for revealing trends and gaps in niche security domains.
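The TF, IDF and TF-IDF computation over a curated security-term list described in the TL;DR and the abstract, as an added example that is not the authors' pipeline or code. The term list, its aliases, the three "papers" in the corpus and the negation-cue list are all constructed here for illustration; the IDF uses the classic ln(N/df) form, which is an assumption, since the page does not state which variant the survey used. The last function shows the context limitation the TL;DR raises: a mention of ASLR next to "not supported" counts exactly like a mention of ASLR that was implemented.

```python
"""TF-IDF over a curated security-term list (added example, constructed data)."""
import math
import re

# Curated security terms.  Each canonical name maps to the spellings that
# count as a mention; aliases are normalized the same way as the documents.
SECURITY_TERMS = {
    "ASLR": ["ASLR", "address space layout randomization"],
    "DEP": ["DEP", "data execution prevention"],
    "NX": ["NX bit", "NX bits", "non-executable bit", "non-executable bits"],
    "SGX": ["SGX", "Software Guard Extensions"],
    "CFI": ["CFI", "control-flow integrity"],
    "MPK": ["MPK", "memory protection keys"],
    "MPX": ["MPX", "memory protection extensions"],
}

# Constructed stand-ins for paper text; these are not quotes from any paper.
CORPUS = {
    "paper_a": "We port the application to a unikernel and run it inside SGX "
               "enclaves. ASLR is not supported, and neither is DEP.",
    "paper_b": "Our unikernel uses Software Guard Extensions (SGX) for "
               "attestation. Memory protection keys are unused.",
    "paper_c": "We add address space layout randomization (ASLR) and "
               "control-flow integrity to the unikernel loader.",
}

# Assumed cue words for the crude context check at the bottom.
NEGATION_CUES = {"not", "no", "neither", "nor", "without", "unsupported",
                 "unused", "lacks", "lack", "omit", "omits", "omitted"}


def tokenize(text):
    """Lowercase, treat hyphens as spaces, keep alphanumeric tokens only."""
    return re.findall(r"[a-z0-9]+", text.lower().replace("-", " "))


def alias_tokens(term):
    """Normalized alias phrases for a term, deduplicated so that
    'control-flow integrity' and 'control flow integrity' count once."""
    return {tuple(tokenize(a)) for a in SECURITY_TERMS[term]}


def find_mentions(tokens, term):
    """Return (start, end) token spans where any alias of `term` occurs."""
    spans = []
    for alias in alias_tokens(term):
        n = len(alias)
        for i in range(len(tokens) - n + 1):
            if tuple(tokens[i:i + n]) == alias:
                spans.append((i, i + n))
    return spans


def term_frequency(tokens, term):
    """TF = mentions of the term / total tokens in the document."""
    return len(find_mentions(tokens, term)) / len(tokens)


def inverse_document_frequency(df, n_docs):
    """Classic IDF = ln(N / df).  A term seen in no document scores 0 instead
    of dividing by zero; a term seen in every document also scores 0."""
    return math.log(n_docs / df) if df else 0.0


def tfidf_table(corpus=CORPUS, terms=SECURITY_TERMS):
    """Per-term corpus score = sum over documents of TF * IDF, plus df and idf."""
    tokenized = {doc: tokenize(text) for doc, text in corpus.items()}
    n_docs = len(tokenized)
    table = {}
    for term in terms:
        tf = {doc: term_frequency(toks, term) for doc, toks in tokenized.items()}
        df = sum(1 for v in tf.values() if v > 0)
        idf = inverse_document_frequency(df, n_docs)
        table[term] = {"df": df, "idf": idf,
                       "tfidf": sum(v * idf for v in tf.values())}
    return table


def negated_mentions(text, term, window=3):
    """Count mentions with a negation cue within `window` tokens on either
    side.  Crude on purpose: it only shows what a bare count cannot see."""
    tokens = tokenize(text)
    hits = 0
    for start, end in find_mentions(tokens, term):
        context = tokens[max(0, start - window):start] + tokens[end:end + window]
        if any(w in NEGATION_CUES for w in context):
            hits += 1
    return hits


if __name__ == "__main__":
    ranked = sorted(tfidf_table().items(), key=lambda kv: -kv[1]["tfidf"])
    for term, row in ranked:
        print(f"{term:5} df={row['df']} idf={row['idf']:.3f} tfidf={row['tfidf']:.4f}")
    for doc, text in CORPUS.items():
        flagged = {t: negated_mentions(text, t) for t in SECURITY_TERMS}
        print(doc, "negated:", {t: c for t, c in flagged.items() if c})
```

Two things are worth noticing when running this. First, MPK, mentioned once in one document, outranks SGX, mentioned three times across two documents, because ln(N/df) rewards rarity; a term that most papers discuss is compressed toward zero, which is why it makes sense to report TF, IDF and TF-IDF separately rather than ranking on TF-IDF alone. Second, `paper_a` contributes to the ASLR and DEP scores even though it only says those mechanisms are missing; the frequency count has no notion of polarity, which is the gap the page's proposed NLP follow-up is meant to close.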
