Demo: On-the-fly generation of unikernels for software-defined security in cloud infrastructures

The programmability of security mechanisms through software-defined security permits the outsourcing of security management to a dedicated plan. Unikernels offer new perspectives for supporting this programmability, and addressing the challenges with respect to the heterogeneity and the dynamics of cloud resources. In this demo, we demonstrate how unikernel properties may enable an adequate security enforcement at the resource level. We present a framework for integrating security mechanisms into unikernel virtual machines, and align them to a given security policy, through the on-the-fly unikernel VM generation. We showcase an implementation prototype and confront it to cloud exploitation scenarios.