FlexOS: towards flexible OS isolation

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN > Conference contribution/Paper > peer-review

Published

Standard

FlexOS: towards flexible OS isolation. / Lefeuvre, Hugo; Bădoiu, Vlad-Andrei; Jung, Alexander et al.
ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems: Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. ed. / Babak Falsafi; Michael Ferdman; Shan Lu; Thomas F. Wenisch. New York: ACM, 2022. p. 467-482 (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS).

Harvard

Lefeuvre, H, Bădoiu, V-A, Jung, A, Teodorescu, SL, Rauch, S, Huici, F, Raiciu, C & Olivier, P 2022, FlexOS: towards flexible OS isolation. in B Falsafi, M Ferdman, S Lu & TF Wenisch (eds), ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems: Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS, ACM, New York, pp. 467-482. https://doi.org/10.1145/3503222.3507759

APA

Lefeuvre, H., Bădoiu, V-A., Jung, A., Teodorescu, S. L., Rauch, S., Huici, F., Raiciu, C., & Olivier, P. (2022). FlexOS: towards flexible OS isolation. In B. Falsafi, M. Ferdman, S. Lu, & T. F. Wenisch (Eds.), ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems: Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (pp. 467-482). (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS). ACM. https://doi.org/10.1145/3503222.3507759

Vancouver

Lefeuvre H, Bădoiu V-A, Jung A, Teodorescu SL, Rauch S, Huici F et al. FlexOS: towards flexible OS isolation. In Falsafi B, Ferdman M, Lu S, Wenisch TF, editors, ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems: Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. New York: ACM. 2022. p. 467-482. (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS). Epub 2022 Feb 28. doi: 10.1145/3503222.3507759

Author

Lefeuvre, Hugo ; Bădoiu, Vlad-Andrei ; Jung, Alexander et al. / FlexOS : towards flexible OS isolation. ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems: Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. editor / Babak Falsafi ; Michael Ferdman ; Shan Lu ; Thomas F. Wenisch. New York : ACM, 2022. pp. 467-482 (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS).

Bibtex

@inproceedings{33f6ef380e6348359f74d45a4f74d131,
title = "FlexOS: towards flexible OS isolation",
abstract = "At design time, modern operating systems are locked in a specific safety and isolation strategy that mixes one or more hardware/software protection mechanisms (e.g. user/kernel separation); revisiting these choices after deployment requires a major refactoring effort. This rigid approach shows its limits given the wide variety of modern applications' safety/performance requirements, when new hardware isolation mechanisms are rolled out, or when existing ones break. We present FlexOS, a novel OS allowing users to easily specialize the safety and isolation strategy of an OS at compilation/deployment time instead of design time. This modular LibOS is composed of fine-grained components that can be isolated via a range of hardware protection mechanisms with various data sharing strategies and additional software hardening. The OS ships with an exploration technique helping the user navigate the vast safety/performance design space it unlocks. We implement a prototype of the system and demonstrate, for several applications (Redis/Nginx/SQLite), FlexOS' vast configuration space as well as the efficiency of the exploration technique: we evaluate 80 FlexOS configurations for Redis and show how that space can be probabilistically subset to the 5 safest ones under a given performance budget. We also show that, under equivalent configurations, FlexOS performs similarly or better than existing solutions which use fixed safety configurations.",
author = "Hugo Lefeuvre and Vlad-Andrei B{\u a}doiu and Alexander Jung and Teodorescu, {Stefan Lucian} and Sebastian Rauch and Felipe Huici and Costin Raiciu and Pierre Olivier",
year = "2022",
month = feb,
day = "28",
doi = "10.1145/3503222.3507759",
language = "English",
series = "International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS",
publisher = "ACM",
pages = "467--482",
editor = "Babak Falsafi and Michael Ferdman and Shan Lu and Wenisch, {Thomas F.}",
booktitle = "ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems",

}

RIS

TY - GEN

T1 - FlexOS

T2 - towards flexible OS isolation

AU - Lefeuvre, Hugo

AU - Bădoiu, Vlad-Andrei

AU - Jung, Alexander

AU - Teodorescu, Stefan Lucian

AU - Rauch, Sebastian

AU - Huici, Felipe

AU - Raiciu, Costin

AU - Olivier, Pierre

PY - 2022/2/28

Y1 - 2022/2/28

N2 - At design time, modern operating systems are locked in a specific safety and isolation strategy that mixes one or more hardware/software protection mechanisms (e.g. user/kernel separation); revisiting these choices after deployment requires a major refactoring effort. This rigid approach shows its limits given the wide variety of modern applications' safety/performance requirements, when new hardware isolation mechanisms are rolled out, or when existing ones break. We present FlexOS, a novel OS allowing users to easily specialize the safety and isolation strategy of an OS at compilation/deployment time instead of design time. This modular LibOS is composed of fine-grained components that can be isolated via a range of hardware protection mechanisms with various data sharing strategies and additional software hardening. The OS ships with an exploration technique helping the user navigate the vast safety/performance design space it unlocks. We implement a prototype of the system and demonstrate, for several applications (Redis/Nginx/SQLite), FlexOS' vast configuration space as well as the efficiency of the exploration technique: we evaluate 80 FlexOS configurations for Redis and show how that space can be probabilistically subset to the 5 safest ones under a given performance budget. We also show that, under equivalent configurations, FlexOS performs similarly or better than existing solutions which use fixed safety configurations.

AB - At design time, modern operating systems are locked in a specific safety and isolation strategy that mixes one or more hardware/software protection mechanisms (e.g. user/kernel separation); revisiting these choices after deployment requires a major refactoring effort. This rigid approach shows its limits given the wide variety of modern applications' safety/performance requirements, when new hardware isolation mechanisms are rolled out, or when existing ones break. We present FlexOS, a novel OS allowing users to easily specialize the safety and isolation strategy of an OS at compilation/deployment time instead of design time. This modular LibOS is composed of fine-grained components that can be isolated via a range of hardware protection mechanisms with various data sharing strategies and additional software hardening. The OS ships with an exploration technique helping the user navigate the vast safety/performance design space it unlocks. We implement a prototype of the system and demonstrate, for several applications (Redis/Nginx/SQLite), FlexOS' vast configuration space as well as the efficiency of the exploration technique: we evaluate 80 FlexOS configurations for Redis and show how that space can be probabilistically subset to the 5 safest ones under a given performance budget. We also show that, under equivalent configurations, FlexOS performs similarly or better than existing solutions which use fixed safety configurations.

U2 - 10.1145/3503222.3507759

DO - 10.1145/3503222.3507759

M3 - Conference contribution/Paper

T3 - International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS

SP - 467

EP - 482

BT - ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

A2 - Falsafi, Babak

A2 - Ferdman, Michael

A2 - Lu, Shan

A2 - Wenisch, Thomas F.

PB - ACM

CY - New York

ER -