July 2, 2025. BI researcher Dipl.-Inf. Till Miemietz from the Composable Operating Systems group will present the paper “MettEagle: Costs and Benefits of Implementing Containers on Microkernels” at the 19th USENIX Symposium on Operating Systems Design and Implementation (OSDI) and talk about how the Barkhausen Institute improves data center security by implementing a container runtime environment on the L4Re microkernel.
Categories
Tags
Contact info
Silicon Saxony
Marketing, Kommunikation und Ă–ffentlichkeitsarbeit
Manfred-von-Ardenne-Ring 20 F
Fax: +49 351 8925 889
Contact person:
When we use online services such as social networks, online banking or video streaming, we access program code via the internet that is executed on servers in a data center. Programs from different users run in parallel on the same server. A standard operating system such as Linux is usually used for this. A central problem is that the security of Linux must be specifically strengthened for use in such server environments. This is precisely where container technologies come in. They isolate applications and processes within a common operating system. To do this, they use security mechanisms such as seccomp, namespaces and cgroups. However, these additions increase the complexity of the overall system and therefore also potentially increase the attack surface. In the worst-case scenario, this can even jeopardize security rather than improve it.
We use a system based on the L4Re microkernel instead of Linux. In contrast to Linux, this offers strong security features by design and does not require additional protection mechanisms to be retrofitted. However, microkernels have not yet been used for typical server hardware and with workloads that are typical for data centers. Therefore, we have not only designed and implemented a container environment for micro cores, but also made numerous performance optimizations. In this way, microkernels become suitable for use in data centers.
Our development creates an execution environment for server programs that offers a significant security gain over Linux through the use of a microkernel. Data centers can thus be better protected against attacks. At the same time, the L4Re system now provides a domestic solution that can also strengthen digital sovereignty in the data center sector.
MettEagle: Costs and Benefits of Implementing Containers on Microkernels
Till Miemietz, Viktor Reusch, and Matthias Hille, Barkhausen Institute; Lars Wrenger, Leibniz University Hannover; Jana Eisoldt, Barkhausen Institute; Jan Klötzke, Kernkonzept GmbH; Max Kurze, Technische Universität Dresden; Adam Lackorzynski, Technische Universität Dresden and Kernkonzept GmbH; Michael Roitzsch, Barkhausen Institut; Hermann Härtig, Barkhausen Institut and Technische Universität Dresden
– – – – – –
👉 www.barkhauseninstitut.org
Photo: pixabay
