SoK: Virtualization Classification on Isolation Capabilities


03 Oct 2022 (modified: 05 May 2023)
JSYS 2022 Oct Papers Blind Submission
Readers: Everyone
Keywords: Virtualization, Classification, Container, Hypervisor, Sandbox
TL;DR: This work provides a classification of virtualization technologies that distinguishes implementations by their isolation techniques.
Abstract: Within the Linux ecosystem, hypervisor and container-based virtualization are the two most prevalent and well-known server virtualization approaches. As is often the case, the choice is much more complex than a binary decision between those distinct approaches. Recently emerging technologies, concepts and approaches have greatly diversified the "server virtualization landscape". For example, the enabling concepts of container-based virtualization are ever-changing and improve with every new kernel release. Moreover, novel sandbox-based approaches leverage traditional and recent operating system functionality to intercept system calls for their isolation needs. Hybrid systems use classic hypervisors to run a purpose-built unikernel, which in turn runs container-based virtualization within itself. In this work, we present an approach to classify virtualization aspects by their isolation capability. For this purpose, we decompose them into their respective enabling components and describe them in detail. Finally, we present a multi-level classification of server virtualization. This classification aims to enable a quick assessment of virtualization technologies and their induced implications.
Area: Configuration Management for Systems
Type: Systemization of Knowledge (SoK)
