Projects per year
Abstract
existing ones break.
We present FlexOS, a novel OS allowing users to easily specialize the safety and isolation strategy of an OS at compilation/deployment time instead of design time. This modular LibOS is composed of finegrained components that can be isolated via a range of hardware protection mechanisms with various data sharing strategies and additional software hardening. The OS ships with an exploration technique helping the user navigate the vast safety/performance
design space it unlocks. We implement a prototype of the system and demonstrate, for several applications (Redis/Nginx/SQLite), FlexOS’ vast configuration space as well as the efficiency of the exploration technique: we evaluate 80 FlexOS configurations for Redis and show how that space can be probabilistically subset to the 5 safest ones under a given performance budget. We also show that, under equivalent configurations, FlexOS performs similarly or better than existing solutions which use fixed safety configurations.
CCS CONCEPTS
• Software and its engineering → Operating systems; • Security and privacy → Operating systems security.
KEYWORDS
Operating Systems, Security, Isolation
Original language | English |
---|---|
Title of host publication | ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems |
Editors | Babak Falsafi, Michael Ferdman, Shan Lu, Thomas F. Wenisch |
Pages | 467-482 |
Number of pages | 16 |
ISBN (Electronic) | 9781450392051 |
DOIs | |
Publication status | Published - 28 Feb 2022 |
Publication series
Name | International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS |
---|
Keywords
- Isolation
- Operating Systems
- Security
Fingerprint
Dive into the research topics of 'FlexOS: Towards Flexible OS Isolation'. Together they form a unique fingerprint.Projects
- 1 Finished
-
SCorCH: Secure Code for Capability Hardware
Reger, G. (PI), Cordeiro, L. (CoI), Korovin, K. (CoI), Mustafa, M. (CoI) & Olivier, P. (CoI)
1/07/20 → 31/12/23
Project: Research
Prizes
-
Carole Goble Medal for Outstanding Doctoral Paper in Computer Science
Lefeuvre, H. (Recipient), 22 May 2022
Prize: Prize (including medals and awards)
-
Distinguished Artifact Award
Lefeuvre, H. (Recipient), Bădoiu, V.-A. (Recipient), Jung, A. (Recipient), Teodorescu, S. L. (Recipient), Rauch, S. (Recipient), Huici, F. (Recipient), Raiciu, C. (Recipient) & Olivier, P. (Recipient), 28 Feb 2022
Prize: Prize (including medals and awards)
-
Excellence Award for Best Outstanding Output in the Faculty of Science and Engineering 2021/22
Lefeuvre, H. (Recipient), 16 Jun 2022
Prize: Prize (including medals and awards)