Spire and Unikernels - Whitehead and Boby

The purpose of this project was to convert the conventional polymorphic executables of Spire, a network-attack-resistant and intrusion-tolerant SCADA system, to self-contained unikernels to enhance their resistance to compromise-type of attacks.

Spire uses the 'multicompiler' to generate unique, polymorphic executables with each compilation. The multicompiler generates an ELF executable. Consequently, the project used a unikernel library and build system, Hermitux, that works with executables instead of the normal requirement to use the original source code.

After the converson, the multicompiled-unikernel-Spire system was evaluated to confirm that Spire continued to operate correctly, that the executables exhibited the increased performance and reduced resource utilization characteristics of unikernel technology, and if possible, to demonstrate the increased compromise resistance of the system using various attack tools such as 'metasploit' and a red team 'capture the flag' exercise.

While the conversion effort was successful and Spire's unikernel components exhibited significantly reduced boot times and memory usage, because of time constraints it was not possible to confirm the overall operation of Spire nor to empirically test its increased compromise resistance.