FlexOS: towards flexible OS isolation
@article{Lefeuvre2021FlexOSTF,
  title={FlexOS: towards flexible OS isolation},
  author={Hugo Lefeuvre and Vlad-Andrei Badoiu and Alexander Jung and Stefan Teodorescu and Sebastian Rauch and Felipe Huici and Costin Raiciu and Pierre Olivier},
  journal={Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems},
  year={2021}
}
At design time, modern operating systems are locked in a specific safety and isolation strategy that mixes one or more hardware/software protection mechanisms (e.g. user/kernel separation); revisiting these choices after deployment requires a major refactoring effort. This rigid approach shows its limits given the wide variety of modern applications' safety/performance requirements, when new hardware isolation mechanisms are rolled out, or when existing ones break. We present FlexOS, a novel OS…
4 Citations
You shall not (by)pass!: practical, secure, and fast PKU-based sandboxing
- Computer Science, EuroSys
- 2022
Cerberus is presented, a PKU-based sandboxing framework that can overcome limitations of existing sandboxes, and is applied to several memory isolation schemes, and shows that it is practical, efficient, and secure.
Towards Making Unikernels Rejuvenatable
- Computer Science, 2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)
- 2022
This paper presents VampOS, which allows us to rejuvenate only the unikernel layer, and describes the next directions for efficient rejuvenation of the unikernel-linked applications.
Assessing the Impact of Interface Vulnerabilities in Compartmentalized Software
- Computer Science, ArXiv
- 2022
It is shown, among others, that not all interfaces are affected in the same way, that API size is uncorrelated with CIV prevalence, and that addressing interface vulnerabilities goes beyond writing simple checks.
VDom: Fast and Unlimited Virtual Domains on Multiple Architectures
- Computer Science, Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2
- 2023
VDom is a fast and scalable memory domain virtualization system that supports unlimited memory domains, and optimizes related memory management operations, and is comparable to EPK and has significantly higher efficiency than libmpk.
References
FlexOS: making OS isolation flexible
- Computer Science, HotOS
- 2021
FlexOS is presented, a novel, modular OS design whose compartmentalization and protection profile can seamlessly be tailored towards a specific application or use-case at build time, and an early prototype of FlexOS is implemented that can automatically generate a large array of different OSes implementing different security strategies.
CubicleOS: a library OS with software componentisation for practical isolation
- Computer Science, ASPLOS
- 2021
CubicleOS is described, a library OS that isolates components in the system while maintaining the simple, monolithic development approach of library composition, and provides spatial memory isolation at the granularity of function calls by using Intel MPK at user level to isolate components.
RedLeaf: Isolation and Communication in a Safe Operating System
- Computer Science, OSDI
- 2020
A new abstraction of a lightweight language-based isolation domain that provides a unit of information hiding and fault isolation in Rust, and demonstrates the possibility to implement end-to-end zero-copy, fault isolation, and transparent recovery of device drivers.
LibrettOS: a dynamically adaptable multiserver-library OS
- Computer Science, VEE
- 2020
LibrettOS is an OS design that fuses two paradigms to simultaneously address issues of isolation, performance, compatibility, failure recoverability, and run-time upgrades and its performance typically exceeds that of NetBSD, especially when using direct access.
Mutable Protection Domains: Towards a Component-Based System for Dependable and Predictable Computing
- Computer Science, 28th IEEE International Real-Time Systems Symposium (RTSS 2007)
- 2007
This paper investigates a concept called "mutable protection domains" that supports the notion of hardware-adaptable isolation boundaries between software components, and shows how various heuristics compare in their ability to rapidly reorganize the fault isolation boundaries of a component-based system, to ensure resource constraints while simultaneously maximizing isolation benefit.
Can we make operating systems reliable and secure?
- Computer Science, Computer
- 2006
Singularity, the most radical approach, uses a type-safe language, a single address space, and formal contracts to carefully limit what each module can do in the microkernel.
Hodor: Intra-Process Isolation for High-Throughput Data Plane Libraries
- Computer Science, USENIX Annual Technical Conference
- 2019
This paper proposes protected libraries as a new OS abstraction which provides separate user-level protection domains for different services, with performance approaching that of unprotected kernel bypass, and shows that this approach can efficiently protect high-throughput in-memory databases and user-space network stacks.
Exokernel: an operating system architecture for application-level resource management
- Computer Science, SOSP
- 1995
The prototype exokernel system implemented here is at least five times faster on operations such as exception dispatching and interprocess communication, and allows applications to control machine resources in ways not possible in traditional operating systems.
The Flux OSKit: a substrate for kernel and language research
- Computer Science, SOSP
- 1997
The OSKit demonstrates a technique that allows unmodified code from existing mature operating systems to be incorporated quickly and updated regularly, by wrapping it with a small amount of carefully designed "glue" code to isolate its dependencies and export well-defined interfaces.
VirtuOS: an operating system with kernel virtualization
- Computer Science, SOSP
- 2013
A prototype based on the Linux kernel and Xen hypervisor can survive the failure of individual service domains while outperforming alternative approaches such as isolated driver domains and even exceeding the performance of native Linux for some multithreaded workloads.