FlexOS: Towards Flexible OS Isolation

Hugo Lefeuvre; Vlad-Andrei Bădoiu; Alexander Jung; Ștefan Teodorescu; Sebastian  Rauch; Felipe Huici; Costin Raiciu; Pierre Olivier

doi:10.1145/3503222.3507759

FlexOS: Towards Flexible OS Isolation

Hugo Lefeuvre, Vlad-Andrei Bădoiu, Alexander Jung, Ștefan Teodorescu, Sebastian Rauch, Felipe Huici, Costin Raiciu, Pierre Olivier

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

513 Downloads (Pure)

Abstract

At design time, modern operating systems are locked in a specific safety and isolation strategy that mixes one or more hardware/software protection mechanisms (e.g. user/kernel separation); revisiting these choices after deployment requires a major refactoring effort. This rigid approach shows its limits given the wide variety of modern applications’ safety/performance requirements, when new hardware isolation mechanisms are rolled out, or when
existing ones break.
We present FlexOS, a novel OS allowing users to easily specialize the safety and isolation strategy of an OS at compilation/deployment time instead of design time. This modular LibOS is composed of finegrained components that can be isolated via a range of hardware protection mechanisms with various data sharing strategies and additional software hardening. The OS ships with an exploration technique helping the user navigate the vast safety/performance
design space it unlocks. We implement a prototype of the system and demonstrate, for several applications (Redis/Nginx/SQLite), FlexOS’ vast configuration space as well as the efficiency of the exploration technique: we evaluate 80 FlexOS configurations for Redis and show how that space can be probabilistically subset to the 5 safest ones under a given performance budget. We also show that, under equivalent configurations, FlexOS performs similarly or better than existing solutions which use fixed safety configurations.

CCS CONCEPTS
• Software and its engineering → Operating systems; • Security and privacy → Operating systems security.

KEYWORDS
Operating Systems, Security, Isolation

Original language	English
Title of host publication	ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems
Editors	Babak Falsafi, Michael Ferdman, Shan Lu, Thomas F. Wenisch
Pages	467-482
Number of pages	16
ISBN (Electronic)	9781450392051
DOIs	https://doi.org/10.1145/3503222.3507759
Publication status	Published - 28 Feb 2022

Publication series

Name	International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS

Keywords

Isolation
Operating Systems
Security

Access to Document

10.1145/3503222.3507759

paperAccepted author manuscript, 1.07 MB
flexos-asplos22Final published version, 654 KBLicence: CC BY-SA

Carole Goble Medal for Outstanding Doctoral Paper in Computer Science
Lefeuvre, Hugo (Recipient), 22 May 2022
Prize: Prize (including medals and awards)
Distinguished Artifact Award
Lefeuvre, Hugo (Recipient), Bădoiu, Vlad-Andrei (Recipient), Jung, Alexander (Recipient), Teodorescu, Stefan Lucian (Recipient), Rauch, Sebastian (Recipient), Huici, Felipe (Recipient), Raiciu, Costin (Recipient) & Olivier, Pierre (Recipient), 28 Feb 2022
Prize: Prize (including medals and awards)
Excellence Award for Best Outstanding Output in the Faculty of Science and Engineering 2021/22
Lefeuvre, Hugo (Recipient), 16 Jun 2022
Prize: Prize (including medals and awards)

Cite this

Lefeuvre, H., Bădoiu, V-A., Jung, A., Teodorescu, Ș., Rauch, S., Huici, F., Raiciu, C., & Olivier, P. (2022). FlexOS: Towards Flexible OS Isolation. In B. Falsafi, M. Ferdman, S. Lu, & T. F. Wenisch (Eds.), ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (pp. 467-482). (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS). Advance online publication. https://doi.org/10.1145/3503222.3507759

Lefeuvre, Hugo ; Bădoiu, Vlad-Andrei ; Jung, Alexander et al. / FlexOS: Towards Flexible OS Isolation. ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. editor / Babak Falsafi ; Michael Ferdman ; Shan Lu ; Thomas F. Wenisch. 2022. pp. 467-482 (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS).

@inproceedings{77bc5a05b0b04dabb588976c96d26e7f,

title = "FlexOS: Towards Flexible OS Isolation",

abstract = "At design time, modern operating systems are locked in a specific safety and isolation strategy that mixes one or more hardware/software protection mechanisms (e.g. user/kernel separation); revisiting these choices after deployment requires a major refactoring effort. This rigid approach shows its limits given the wide variety of modern applications{\textquoteright} safety/performance requirements, when new hardware isolation mechanisms are rolled out, or whenexisting ones break.We present FlexOS, a novel OS allowing users to easily specialize the safety and isolation strategy of an OS at compilation/deployment time instead of design time. This modular LibOS is composed of finegrained components that can be isolated via a range of hardware protection mechanisms with various data sharing strategies and additional software hardening. The OS ships with an exploration technique helping the user navigate the vast safety/performancedesign space it unlocks. We implement a prototype of the system and demonstrate, for several applications (Redis/Nginx/SQLite), FlexOS{\textquoteright} vast configuration space as well as the efficiency of the exploration technique: we evaluate 80 FlexOS configurations for Redis and show how that space can be probabilistically subset to the 5 safest ones under a given performance budget. We also show that, under equivalent configurations, FlexOS performs similarly or better than existing solutions which use fixed safety configurations.CCS CONCEPTS• Software and its engineering → Operating systems; • Security and privacy → Operating systems security.KEYWORDSOperating Systems, Security, Isolation",

keywords = "Isolation, Operating Systems, Security",

author = "Hugo Lefeuvre and Vlad-Andrei B{\u a}doiu and Alexander Jung and Ștefan Teodorescu and Sebastian Rauch and Felipe Huici and Costin Raiciu and Pierre Olivier",

note = "Funding Information: We would like to thank the anonymous reviewers, and our shepherd, Gerd Zellweger, for their comments and insights. A similar thanks goes to our colleague Marc Rittinghaus for his insights, and to Julia Lawall for her invaluable help on Coccinelle. We are immensely grateful to the Unikraft OSS community for their past and ongoing contributions. This work was funded by a studentship from NEC Labs Europe, EU H2020 grants 825377 (UNICORE), 871793 (ACCORDION) and 758815 (CORNET), as well as the UK{\textquoteright}s EPSRC grants EP/V012134/1 (UniFaaS) and EP/V000225/1 (SCorCH). UPB authors were partly supported by VMWare gift funding. Publisher Copyright: {\textcopyright} 2022 ACM.",

year = "2022",

month = feb,

day = "28",

doi = "10.1145/3503222.3507759",

language = "English",

series = "International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS",

pages = "467--482",

editor = "Babak Falsafi and Michael Ferdman and Shan Lu and Wenisch, {Thomas F.}",

booktitle = "ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems",

}

Lefeuvre, H, Bădoiu, V-A, Jung, A, Teodorescu, Ș, Rauch, S, Huici, F, Raiciu, C & Olivier, P 2022, FlexOS: Towards Flexible OS Isolation. in B Falsafi, M Ferdman, S Lu & TF Wenisch (eds), ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS, pp. 467-482. https://doi.org/10.1145/3503222.3507759

FlexOS: Towards Flexible OS Isolation. / Lefeuvre, Hugo; Bădoiu, Vlad-Andrei; Jung, Alexander et al.
ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. ed. / Babak Falsafi; Michael Ferdman; Shan Lu; Thomas F. Wenisch. 2022. p. 467-482 (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - FlexOS: Towards Flexible OS Isolation

AU - Lefeuvre, Hugo

AU - Bădoiu, Vlad-Andrei

AU - Jung, Alexander

AU - Teodorescu, Ștefan

AU - Rauch, Sebastian

AU - Huici, Felipe

AU - Raiciu, Costin

AU - Olivier, Pierre

N1 - Funding Information: We would like to thank the anonymous reviewers, and our shepherd, Gerd Zellweger, for their comments and insights. A similar thanks goes to our colleague Marc Rittinghaus for his insights, and to Julia Lawall for her invaluable help on Coccinelle. We are immensely grateful to the Unikraft OSS community for their past and ongoing contributions. This work was funded by a studentship from NEC Labs Europe, EU H2020 grants 825377 (UNICORE), 871793 (ACCORDION) and 758815 (CORNET), as well as the UK’s EPSRC grants EP/V012134/1 (UniFaaS) and EP/V000225/1 (SCorCH). UPB authors were partly supported by VMWare gift funding. Publisher Copyright: © 2022 ACM.

PY - 2022/2/28

Y1 - 2022/2/28

N2 - At design time, modern operating systems are locked in a specific safety and isolation strategy that mixes one or more hardware/software protection mechanisms (e.g. user/kernel separation); revisiting these choices after deployment requires a major refactoring effort. This rigid approach shows its limits given the wide variety of modern applications’ safety/performance requirements, when new hardware isolation mechanisms are rolled out, or whenexisting ones break.We present FlexOS, a novel OS allowing users to easily specialize the safety and isolation strategy of an OS at compilation/deployment time instead of design time. This modular LibOS is composed of finegrained components that can be isolated via a range of hardware protection mechanisms with various data sharing strategies and additional software hardening. The OS ships with an exploration technique helping the user navigate the vast safety/performancedesign space it unlocks. We implement a prototype of the system and demonstrate, for several applications (Redis/Nginx/SQLite), FlexOS’ vast configuration space as well as the efficiency of the exploration technique: we evaluate 80 FlexOS configurations for Redis and show how that space can be probabilistically subset to the 5 safest ones under a given performance budget. We also show that, under equivalent configurations, FlexOS performs similarly or better than existing solutions which use fixed safety configurations.CCS CONCEPTS• Software and its engineering → Operating systems; • Security and privacy → Operating systems security.KEYWORDSOperating Systems, Security, Isolation

AB - At design time, modern operating systems are locked in a specific safety and isolation strategy that mixes one or more hardware/software protection mechanisms (e.g. user/kernel separation); revisiting these choices after deployment requires a major refactoring effort. This rigid approach shows its limits given the wide variety of modern applications’ safety/performance requirements, when new hardware isolation mechanisms are rolled out, or whenexisting ones break.We present FlexOS, a novel OS allowing users to easily specialize the safety and isolation strategy of an OS at compilation/deployment time instead of design time. This modular LibOS is composed of finegrained components that can be isolated via a range of hardware protection mechanisms with various data sharing strategies and additional software hardening. The OS ships with an exploration technique helping the user navigate the vast safety/performancedesign space it unlocks. We implement a prototype of the system and demonstrate, for several applications (Redis/Nginx/SQLite), FlexOS’ vast configuration space as well as the efficiency of the exploration technique: we evaluate 80 FlexOS configurations for Redis and show how that space can be probabilistically subset to the 5 safest ones under a given performance budget. We also show that, under equivalent configurations, FlexOS performs similarly or better than existing solutions which use fixed safety configurations.CCS CONCEPTS• Software and its engineering → Operating systems; • Security and privacy → Operating systems security.KEYWORDSOperating Systems, Security, Isolation

KW - Isolation

KW - Operating Systems

KW - Security

U2 - 10.1145/3503222.3507759

DO - 10.1145/3503222.3507759

M3 - Conference contribution

T3 - International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS

SP - 467

EP - 482

BT - ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

A2 - Falsafi, Babak

A2 - Ferdman, Michael

A2 - Lu, Shan

A2 - Wenisch, Thomas F.

ER -

Lefeuvre H, Bădoiu V-A, Jung A, Teodorescu Ș, Rauch S, Huici F et al. FlexOS: Towards Flexible OS Isolation. In Falsafi B, Ferdman M, Lu S, Wenisch TF, editors, ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. 2022. p. 467-482. (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS). Epub 2022 Feb 28. doi: 10.1145/3503222.3507759

FlexOS: Towards Flexible OS Isolation

Abstract

Publication series

Keywords

Access to Document

Fingerprint

Prizes

Carole Goble Medal for Outstanding Doctoral Paper in Computer Science

Distinguished Artifact Award

Excellence Award for Best Outstanding Output in the Faculty of Science and Engineering 2021/22

Cite this