FlexOS: Towards Flexible OS Isolation
At design time, modern operating systems are locked in a specific safety and isolation strategy that mixes one or more hardware/software protection mechanisms (e.g. user/kernel separation); revisiting these choices after deployment requires a major refactoring effort. This rigid approach shows its l...
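Main authors: | Lefeuvre, Hugo; Bădoiu, Vlad-Andrei; Jung, Alexander; Teodorescu, Stefan; Rauch, Sebastian; Huici, Felipe; Raiciu, Costin; Olivier, Pierre |
---|---|
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Order full text |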
container_end_page | |
---|---|
container_issue | |
container_start_page | |
container_title | |
container_volume | |
creator | Lefeuvre, Hugo ; Bădoiu, Vlad-Andrei ; Jung, Alexander ; Teodorescu, Stefan ; Rauch, Sebastian ; Huici, Felipe ; Raiciu, Costin ; Olivier, Pierre |
description | At design time, modern operating systems are locked in a specific safety and
isolation strategy that mixes one or more hardware/software protection
mechanisms (e.g. user/kernel separation); revisiting these choices after
deployment requires a major refactoring effort. This rigid approach shows its
limits given the wide variety of modern applications' safety/performance
requirements, when new hardware isolation mechanisms are rolled out, or when
existing ones break.
We present FlexOS, a novel OS allowing users to easily specialize the safety
and isolation strategy of an OS at compilation/deployment time instead of
design time. This modular LibOS is composed of fine-grained components that can
be isolated via a range of hardware protection mechanisms with various data
sharing strategies and additional software hardening. The OS ships with an
exploration technique helping the user navigate the vast safety/performance
design space it unlocks. We implement a prototype of the system and
demonstrate, for several applications (Redis/Nginx/SQLite), FlexOS' vast
configuration space as well as the efficiency of the exploration technique: we
evaluate 80 FlexOS configurations for Redis and show how that space can be
probabilistically subset to the 5 safest ones under a given performance budget.
We also show that, under equivalent configurations, FlexOS performs similarly
or better than several baselines/competitors. |
doi_str_mv | 10.48550/arxiv.2112.06566 |
format | Article |
fulltext | fulltext_linktorsrc |
identifier | DOI: 10.48550/arxiv.2112.06566 |
ispartof | |
issn | |
language | eng |
recordid | cdi_arxiv_primary_2112_06566 |
source | arXiv.org |
subjects | Computer Science - Operating Systems |
title | FlexOS: Towards Flexible OS Isolation |