FlexOS: Easy Specialization of OS Safety Properties

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

115 Downloads (Pure)


Modern operating systems are tightly coupled to a specific isolation approach and safety mechanism. At design time, the isolation strategy is set in stone and rarely revisited later, due to prohibitive costs. This lack of flexibility hurts specialization, makes it hard to leverage new software/hardware isolation technologies, and makes the OS less resilient to attacks targeting the isolation mechanism. To address these issues we have developed FlexOS, a novel libOS approach that decouples isolation properties from the OS design. Depending on the configuration, the same FlexOS code can mimic a microkernel with multiple address-spaces, a single-address-space OS with Intel MPK compartments, or many other OS isolation approaches.

In this paper, we summarize the current state of FlexOS and present two main research avenues that we aim to explore next: automated porting to make OS safety property specialization really easy, and support for CHERI hardware capabilities to better showcase FlexOS’ potential.
Original languageEnglish
Title of host publicationProceedings of the 22nd International Middleware Conference Doctoral Symposium
Place of PublicationNew York, USA
PublisherAssociation for Computing Machinery
Number of pages4
Publication statusE-pub ahead of print - 6 Dec 2021
EventInternational Middleware Conference Doctoral Symposium - Online, Canada
Duration: 6 Dec 202110 Dec 2021
Conference number: 22


WorkshopInternational Middleware Conference Doctoral Symposium
Abbreviated titleMiddleware ’21 Doctoral Symposium
Internet address


Dive into the research topics of 'FlexOS: Easy Specialization of OS Safety Properties'. Together they form a unique fingerprint.

Cite this