Unikernels are used to increase applications’ performance by tightly coupling them with a heavily trimmed operating system, which is then launched in a virtual machine, enhancing the overall security of the system. While the Zephyr RTOS is not advertised as a unikernel, it has all the characteristics that allow using it that way, namely low resource usage, highly customizable builds and POSIX standard support.
The goal of this thesis was to compare Zephyr to the Linux operating system, Docker containers, and another unikernel, Unikraft, focusing on performance and security aspects. Zephyr performed the best out of the analyzed platforms with regard to boot time, RAM usage and disk space usage. In the security tests, Zephyr was able to prevent various intrusion attempts, such as overflowing the stack, trying to overwrite the return address, or trying to modify or execute memory pages the program shouldn't be allowed to, which wasn't always the case with the other analyzed unikernel.
This work, confirming Zephyr’s usability as a unikernel, was enabled by Antmicro’s previous contributions to the Zephyr project, including bootargs, virtio and virtiofs support, and was followed up with further improvements to the RTOS.