I'd argue the Mirage Unikernel (built almost wholly in OCaml) is one of the most robust platforms out there. The NCC paper you talk about looks at two rather old fashioned unikernels in isolation. I don't think the idea of unikernels should be discarded because the current implementations are slightly lacklustre -- it just shows that there's a fair way to go yet.
>[..] A better would be to host that application and reduce the kernel to whats needed
The authors of the NCC paper are evaluating MirageOS as well. IIRC from listening to their talk on the paper and ongoing research https://www.youtube.com/watch?v=b68VFuB_y5M it's got more of the problems other unikernels do than I'd have assumed. I'm pretty ignorant, but the paper gave me the impression that there's a long (rather than fair) way to go yet, especially relative to seemingly widespread assumption that unikernels are inherently more secure.
>[..] A better would be to host that application and reduce the kernel to whats needed
This is a unikernel.