Standard
FlexOS: towards flexible OS isolation. / Lefeuvre, Hugo; Bădoiu, Vlad-Andrei
; Jung, Alexander et al.
ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems: Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. ed. / Babak Falsafi; Michael Ferdman; Shan Lu; Thomas F. Wenisch. New York: ACM, 2022. p. 467-482 (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS).
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Harvard
Lefeuvre, H, Bădoiu, V-A
, Jung, A, Teodorescu, SL, Rauch, S, Huici, F, Raiciu, C & Olivier, P 2022,
FlexOS: towards flexible OS isolation. in B Falsafi, M Ferdman, S Lu & TF Wenisch (eds),
ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems: Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS, ACM, New York, pp. 467-482.
https://doi.org/10.1145/3503222.3507759
APA
Lefeuvre, H., Bădoiu, V.-A.
, Jung, A., Teodorescu, S. L., Rauch, S., Huici, F., Raiciu, C., & Olivier, P. (2022).
FlexOS: towards flexible OS isolation. In B. Falsafi, M. Ferdman, S. Lu, & T. F. Wenisch (Eds.),
ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems: Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (pp. 467-482). (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS). ACM.
https://doi.org/10.1145/3503222.3507759
Vancouver
Lefeuvre H, Bădoiu VA
, Jung A, Teodorescu SL, Rauch S, Huici F et al.
FlexOS: towards flexible OS isolation. In Falsafi B, Ferdman M, Lu S, Wenisch TF, editors, ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems: Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. New York: ACM. 2022. p. 467-482. (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS). Epub 2022 Feb 28. doi: 10.1145/3503222.3507759
Author
Lefeuvre, Hugo ; Bădoiu, Vlad-Andrei
; Jung, Alexander et al. /
FlexOS : towards flexible OS isolation. ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems: Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. editor / Babak Falsafi ; Michael Ferdman ; Shan Lu ; Thomas F. Wenisch. New York : ACM, 2022. pp. 467-482 (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS).
Bibtex
@inproceedings{33f6ef380e6348359f74d45a4f74d131,
title = "FlexOS: towards flexible OS isolation",
abstract = "At design time, modern operating systems are locked in a specific safety and isolation strategy that mixes one or more hardware/software protection mechanisms (e.g. user/kernel separation); revisiting these choices after deployment requires a major refactoring effort. This rigid approach shows its limits given the wide variety of modern applications' safety/performance requirements, when new hardware isolation mechanisms are rolled out, or when existing ones break.We present FlexOS, a novel OS allowing users to easily specialize the safety and isolation strategy of an OS at compilation/deployment time instead of design time. This modular LibOS is composed of fine-grained components that can be isolated via a range of hardware protection mechanisms with various data sharing strategies and additional software hardening. The OS ships with an exploration technique helping the user navigate the vast safety/performance design space it unlocks. We implement a prototype of the system and demonstrate, for several applications (Redis/Nginx/SQLite), FlexOS' vast configuration space as well as the efficiency of the exploration technique: we evaluate 80 FlexOS configurations for Redis and show how that space can be probabilistically subset to the 5 safest ones under a given performance budget. We also show that, under equivalent configurations, FlexOS performs similarly or better than existing solutions which use fixed safety configurations.",
author = "Hugo Lefeuvre and Vlad-Andrei B{\u a}doiu and Alexander Jung and Teodorescu, {Stefan Lucian} and Sebastian Rauch and Felipe Huici and Costin Raiciu and Pierre Olivier",
year = "2022",
month = feb,
day = "28",
doi = "10.1145/3503222.3507759",
language = "English",
series = "International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS",
publisher = "ACM",
pages = "467--482",
editor = "Babak Falsafi and Michael Ferdman and Shan Lu and Wenisch, {Thomas F.}",
booktitle = "ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems",
}
RIS
TY - GEN
T1 - FlexOS
T2 - towards flexible OS isolation
AU - Lefeuvre, Hugo
AU - Bădoiu, Vlad-Andrei
AU - Jung, Alexander
AU - Teodorescu, Stefan Lucian
AU - Rauch, Sebastian
AU - Huici, Felipe
AU - Raiciu, Costin
AU - Olivier, Pierre
PY - 2022/2/28
Y1 - 2022/2/28
N2 - At design time, modern operating systems are locked in a specific safety and isolation strategy that mixes one or more hardware/software protection mechanisms (e.g. user/kernel separation); revisiting these choices after deployment requires a major refactoring effort. This rigid approach shows its limits given the wide variety of modern applications' safety/performance requirements, when new hardware isolation mechanisms are rolled out, or when existing ones break.We present FlexOS, a novel OS allowing users to easily specialize the safety and isolation strategy of an OS at compilation/deployment time instead of design time. This modular LibOS is composed of fine-grained components that can be isolated via a range of hardware protection mechanisms with various data sharing strategies and additional software hardening. The OS ships with an exploration technique helping the user navigate the vast safety/performance design space it unlocks. We implement a prototype of the system and demonstrate, for several applications (Redis/Nginx/SQLite), FlexOS' vast configuration space as well as the efficiency of the exploration technique: we evaluate 80 FlexOS configurations for Redis and show how that space can be probabilistically subset to the 5 safest ones under a given performance budget. We also show that, under equivalent configurations, FlexOS performs similarly or better than existing solutions which use fixed safety configurations.
AB - At design time, modern operating systems are locked in a specific safety and isolation strategy that mixes one or more hardware/software protection mechanisms (e.g. user/kernel separation); revisiting these choices after deployment requires a major refactoring effort. This rigid approach shows its limits given the wide variety of modern applications' safety/performance requirements, when new hardware isolation mechanisms are rolled out, or when existing ones break.We present FlexOS, a novel OS allowing users to easily specialize the safety and isolation strategy of an OS at compilation/deployment time instead of design time. This modular LibOS is composed of fine-grained components that can be isolated via a range of hardware protection mechanisms with various data sharing strategies and additional software hardening. The OS ships with an exploration technique helping the user navigate the vast safety/performance design space it unlocks. We implement a prototype of the system and demonstrate, for several applications (Redis/Nginx/SQLite), FlexOS' vast configuration space as well as the efficiency of the exploration technique: we evaluate 80 FlexOS configurations for Redis and show how that space can be probabilistically subset to the 5 safest ones under a given performance budget. We also show that, under equivalent configurations, FlexOS performs similarly or better than existing solutions which use fixed safety configurations.
U2 - 10.1145/3503222.3507759
DO - 10.1145/3503222.3507759
M3 - Conference contribution/Paper
T3 - International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS
SP - 467
EP - 482
BT - ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems
A2 - Falsafi, Babak
A2 - Ferdman, Michael
A2 - Lu, Shan
A2 - Wenisch, Thomas F.
PB - ACM
CY - New York
ER -