---

News

• Hugo’s PhD thesis was published.
• FlexOS will be presented at the Huawei Future Device Technology Summit’23.
• We have ported FlexOS to the CHERI/ARM Morello platform, to learn more check out our PLOS’23 paper “Software Compartmentalization Trade-Offs with Hardware Capabilities”.
• Our follow-up work, ConfFuzz, was accepted at NDSS’23!
• We will hold a FlexOS session at the Lyon Unikraft Hackathon.
• FlexOS will be presented at SPMA’22.
• Our FlexOS paper was awarded the Distinguised Artifact Award at ASPLOS’22!
• FlexOS will be presented at FGBS’22.
• FlexOS will be presented at FOSDEM as part of the Hardware-Aided Trusted Computing track.
• Our FlexOS paper was accepted to appear at ASPLOS 2022.

---

Operating Systems (OSes) have historically been classified according to their isolation properties: monolithic OSes, microkernels, single-address-space OSes, or unikernels… Decades of experience in research and industry showed that there is no silver bullet and that different use-cases might demand different approaches to optimize safety and performance.

What if we tried to design an operating system able to be easily reconfigured into any of these points in the OS design space? What if the OS could be a microkernel, a unikernel, or a monolithic OS, at will, and using a wide range of hardware- and software-backed isolation mechanisms?

FlexOS is an effort to try and answer these questions. FlexOS is an OS allowing users to easily specialize the safety and isolation strategy of an OS at compilation/deployment time, instead of design time. Depending on the configuration, the same FlexOS code can mimic a microkernel with multiple address-spaces, a single-address-space OS with Intel MPK compartments, or many other OS isolation approaches. A prototype of FlexOS on top of Unikraft, a popular library OS framework, is available on GitHub.

Getting Started

Our main README provides a step-by-step guide to get started with our prototype. The README of our ASPLOS artifact evaluation repository is also a great starting point to reproduce our experiments and create new ones.

Publications

• Software Compartmentalization Trade-Offs with Hardware Capabilities.
  J. A. Kressel, H. Lefeuvre, P. Olivier.
  PLOS’23 [ArXiv]

• FlexOS: Towards Flexible OS Isolation.
  H. Lefeuvre, V-A. Bădoiu, A. Jung, S. Teodorescu, S. Rauch, F. Huici, C. Raiciu, P. Olivier.
  ASPLOS’22 [ACM] [ArXiv] [Artifact] [YouTube]

• FlexOS: Easy Specialization of OS Safety Properties.
  H. Lefeuvre.
  Middleware DW’21 [ACM] [YouTube]

• FlexOS: Making OS Isolation Flexible.
  H. Lefeuvre, V-A. Bădoiu, S. Teodorescu, P. Olivier, T. Mosnoi, R. Deaconescu, F. Huici, C. Raiciu.
  HotOS’21 [ACM] [YouTube]

Presentations

• Rethinking the OS for Isolation Flexibility with FlexOS.
  FOSDEM’22 [Video]

• Retrotting Isolation into Unikraft with FlexOS.
  USoC’21 [YouTube]

• FlexOS : Vers une Isolation Flexible du Noyau.
  COMPAS’21 [HAL]

• Other Presentations (no recording): SPMA’22, FGBS’22, Huawei Future Device Technology Summit’23 [Slides].

Tutorials

• FlexOS Session at the Lyon Unikraft Hackathon [Slides]

Student Theses

• VM/EPT: A Virtualisation-based Isolation Backend for FlexOS.
  S. Rauch, 2022, Master Thesis at KIT [PDF]
• Enforcing Control-Flow Integrity in FlexOS
  M. Krajewski, 2023, BSc Thesis at The University of Manchester [PDF]
• Exploring Software Compartmentalisation with Hardware Capabilities
  J. A. Kressel, 2023, MPhil Thesis at The University of Manchester [PDF]
• Towards Safe, Flexible, and Easy Software Compartmentalisation
  H. Lefeuvre, 2024, PhD Thesis at The University of Manchester [PDF]

Contact

Hugo Lefeuvre, The University of Manchester: hugo.lefeuvre at manchester.ac.uk (graduated)

Hugo Lefeuvre, The University of British Columbia: hugo.lefeuvre at ubc.ca

Pierre Olivier, The University of Manchester: pierre.olivier at manchester.ac.uk

---

FlexOS is an open-source project resulting from a collaboration between the University of Manchester, Politehnica University of Bucharest, and NEC Laboratories Europe.

FlexOS is supported in part by a studentship from NEC Labs Europe, EU H2020 grants 825377 (UNICORE), 871793 (ACCORDION) and 758815 (CORNET), as well as the UK’s EPSRC grants EP/V012134/1 (UniFaaS) and EP/V000225/1 (SCorCH). UPB authors are partly supported by VMWare gift funding.

FlexOS logo made by Kerbreizh Informatique.