FlexOS: Towards Flexible OS Isolation

Hugo Lefeuvre, Vlad-Andrei Bădoiu, Alexander Jung, Ștefan Teodorescu, Sebastian Rauch, Felipe Huici, Costin Raiciu, Pierre Olivier

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

513 Downloads (Pure)


At design time, modern operating systems are locked in a specific safety and isolation strategy that mixes one or more hardware/software protection mechanisms (e.g. user/kernel separation); revisiting these choices after deployment requires a major refactoring effort. This rigid approach shows its limits given the wide variety of modern applications’ safety/performance requirements, when new hardware isolation mechanisms are rolled out, or when
existing ones break.
We present FlexOS, a novel OS allowing users to easily specialize the safety and isolation strategy of an OS at compilation/deployment time instead of design time. This modular LibOS is composed of finegrained components that can be isolated via a range of hardware protection mechanisms with various data sharing strategies and additional software hardening. The OS ships with an exploration technique helping the user navigate the vast safety/performance
design space it unlocks. We implement a prototype of the system and demonstrate, for several applications (Redis/Nginx/SQLite), FlexOS’ vast configuration space as well as the efficiency of the exploration technique: we evaluate 80 FlexOS configurations for Redis and show how that space can be probabilistically subset to the 5 safest ones under a given performance budget. We also show that, under equivalent configurations, FlexOS performs similarly or better than existing solutions which use fixed safety configurations.

• Software and its engineering → Operating systems; • Security and privacy → Operating systems security.

Operating Systems, Security, Isolation
Original languageEnglish
Title of host publicationASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems
EditorsBabak Falsafi, Michael Ferdman, Shan Lu, Thomas F. Wenisch
Number of pages16
ISBN (Electronic)9781450392051
Publication statusPublished - 28 Feb 2022

Publication series

NameInternational Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS


  • Isolation
  • Operating Systems
  • Security


Dive into the research topics of 'FlexOS: Towards Flexible OS Isolation'. Together they form a unique fingerprint.

Cite this