2025Activity report​​Project-TeamKRAKOS

3.1.1 M1 -​ Virtualization

To achieve the​‌ stated objectives, KrakOS relies​​ primarily on virtualization. Virtualization​​​‌ is a fundamental tool​ at the heart of​‌ building computer systems. It​​ enables optimal resource utilization,​​​‌ isolation/security, uniformity in resource​ access, and facilitates the​‌ design of fault tolerance​​ techniques.

We consider virtualization​​​‌ in its original sense,​ as defined by Sacha​‌ Krakowiak: the virtualization of​​ a component is the​​​‌ design of an "ideal"​ abstraction of that component​‌ for other components or​​ users. In this definition,​​​‌ the virtualized component can​ be a physical component​‌ (device, machine or grouping​​ of machines) or software​​​‌ (a machine is a​ stack of virtual machines​‌ that goes from the​​ motherboard to the browser,​​ for example).

3.1.2 M2​​​‌ - Profiling, Tracing and‌ Monitoring

Empirical observation and‌​‌ therefore observability are at​​ the heart of systems​​​‌ research. They allow identifying‌ and understanding limitations and‌​‌ problems: bottlenecks, sources of​​ inefficiency and resource waste,​​​‌ performance anomalies, bugs and‌ complex failures (at hardware‌​‌ and software levels).

KrakOS​​ aims to contribute to​​​‌ the production of profiling‌ and tracing tools adapted‌​‌ to the modernity of​​ data centers. Among the​​​‌ challenges posed by the‌ latter, we can cite‌​‌ the stack of complex​​ and highly distributed layers.​​​‌ In a virtualized cloud‌ environment, for example, it‌​‌ is extremely difficult to​​ reconstruct the path taken​​​‌ by an I/O request‌ that traverses the virtual‌​‌ machine, host system, network,​​ storage system, and disk,​​​‌ then retraces the path‌ in reverse.

More generally,‌​‌ the evolution of latencies​​ and throughputs of emerging​​​‌ communication and storage devices,‌ coupled with strong quality‌​‌ of service constraints of​​ cloud applications, require new​​​‌ approaches allowing an acceptable‌ and flexible compromise between‌​‌ precision, efficiency, and intrusiveness​​ (code and privacy). Regarding​​​‌ privacy, for example, it‌ is necessary for data‌​‌ center operators to comply​​ with regulations (GDPR, for​​​‌ example). Monitoring tools must‌ be able to trace‌​‌ the I/O activities of​​ virtual machines without observing​​​‌ customer data.

3.2.1 A1 -​​ Machine Virtualization

KrakOS investigates​​​‌ fundamental problems in machine‌ virtualization that have become‌​‌ increasingly critical as datacenters​​ evolve toward greater heterogeneity,​​​‌ incorporate diverse hardware accelerators,‌ and face ever more‌​‌ stringent performance requirements. While​​ virtualization has been the​​​‌ cornerstone technology enabling cloud‌ computing for over two‌​‌ decades, the assumptions underlying​​ current virtualization systems—designed for​​​‌ relatively homogeneous server fleets‌ with CPU-centric workloads—are increasingly‌​‌ mismatched with modern datacenter​​ realities. These mismatches manifest​​​‌ as performance bottlenecks, operational‌ challenges, and missed opportunities‌​‌ to leverage emerging hardware​​ capabilities.

The research addresses​​​‌ five interconnected challenges. VM‌ live migration at scale‌​‌ has become problematic as​​ datacenter hardware diversifies. Migrating​​​‌ virtual machines across heterogeneous‌ hardware platforms—from older to‌​‌ newer CPU generations, between​​ different vendors' processors, or​​​‌ to systems with different‌ accelerator configurations—requires maintaining both‌​‌ functional correctness and performance​​ characteristics. Industry has highlighted​​​‌ the severity of this‌ problem: Microsoft has noted‌​‌ that hardware heterogeneity in​​ Azure contributes significantly to​​​‌ resource fragmentation, where incompatibility‌ between hosts prevents optimal‌​‌ VM placement and leads​​ to hundreds of millions​​​‌ of dollars in efficiency‌ losses. I/O virtualization efficiency‌​‌ remains a persistent challenge​​ despite decades of research.​​​‌ Current virtualization approaches impose‌ significant performance overhead on‌​‌ I/O-intensive applications due to​​ additional software layers, context​​​‌ switches between guest and‌ host, and memory copies.‌​‌ As storage devices transition​​ to NVMe SSDs and​​​‌ networking speeds reach 100+‌ Gbps, these overheads become‌​‌ increasingly unacceptable—the challenge is​​ to design virtualization mechanisms​​​‌ that approach bare-metal performance‌ while maintaining the isolation‌​‌ and management benefits that​​​‌ motivate virtualization in the​ first place.

Hardware accelerator​‌ support presents difficulties because​​ emerging accelerators like PIM​​​‌ (Processing-in-Memory), GPUs, TPUs, and​ FPGAs were designed without​‌ virtualization in mind. Each​​ accelerator type presents unique​​​‌ challenges: GPUs have complex​ memory hierarchies and scheduling​‌ requirements, PIM devices tightly​​ couple computation with memory​​​‌ access patterns, and FPGAs​ require load-time configuration that​‌ complicates sharing. Virtualizing these​​ devices while maintaining both​​​‌ performance (near-native execution speed)​ and isolation (preventing one​‌ tenant from observing or​​ interfering with another) requires​​​‌ deep co-design of hardware​ features and virtualization software.​‌ Nested virtualization—where virtual​​ machines run inside other​​​‌ virtual machines—has long been​ considered impractical for production​‌ use due to performance​​ overhead. However, nested virtualization​​​‌ is increasingly important for​ scenarios like testing cloud​‌ infrastructure, providing cloud-within-cloud services,​​ and enabling sophisticated isolation​​​‌ architectures. Building on recent​ hardware advances and algorithmic​‌ improvements, KrakOS aims to​​ make nested virtualization practical​​​‌ for production deployment. Finally,​ security challenges in virtualized​‌ environments continue to evolve​​ as attack surfaces expand​​​‌ and new vulnerability classes​ emerge. Beyond traditional concerns​‌ about hypervisor bugs that​​ could allow guest escape,​​​‌ modern threats include side-channel​ attacks that exploit shared​‌ hardware resources, malware operating​​ within guest VMs that​​​‌ must be detected from​ outside, and supply-chain attacks​‌ targeting virtualization infrastructure itself.​​

KrakOS addresses these challenges​​​‌ through coordinated research across​ multiple dimensions. The team​‌ designs and implements novel​​ I/O virtualization mechanisms that​​​‌ minimize overhead through techniques​ such as direct device​‌ assignment with enhanced isolation,​​ optimized data paths that​​​‌ reduce memory copies, and​ hardware-software co-design that leverages​‌ emerging virtualization features in​​ I/O devices. For emerging​​​‌ accelerators, KrakOS develops transparent​ virtualization approaches exemplified by​‌ the vPIM project for​​ Processing-in-Memory devices, which provides​​​‌ full virtualization support while​ maintaining near-native performance and​‌ strong isolation guarantees. The​​ team creates migration protocols​​​‌ and feasibility testing tools,​ such as MigCheck, that​‌ can predict whether a​​ VM can successfully migrate​​​‌ to a target host​ before attempting the migration—preventing​‌ failures that cause service​​ disruptions and wasted resources.​​​‌ Security is strengthened through​ multiple approaches: formal verification​‌ techniques that can prove​​ properties about critical hypervisor​​​‌ code, hardware-software co-design that​ leverages trusted execution environments​‌ and memory encryption, and​​ virtual machine introspection frameworks​​​‌ (such as GoodKit) that​ enable security monitoring from​‌ the hypervisor without compromising​​ guest privacy or performance.​​​‌ Throughout this research, KrakOS​ maintains a strong focus​‌ on open-source hypervisors—particularly Xen​​ and KVM—to ensure that​​​‌ innovations can be rapidly​ adopted in production cloud​‌ environments and benefit the​​ broader systems community rather​​​‌ than remaining theoretical contributions.​

3.2.2 A2 - Mutant​‌ Kernels and Key Abstractions​​ for Concurrency

Sub-axis 1:​​​‌ Mutant Kernels - Outsourcing​ OS Services to User​‌ Space

KrakOS studies the​​ extensibility of monolithic kernels​​​‌ through a novel approach:​ outsourcing system services and​‌ abstractions from kernel space​​ to user mode. This​​​‌ research direction is inspired​ by the microkernel philosophy​‌ but operates under fundamentally​​ different constraints and opportunities.​​​‌ While traditional microkernels aim​ for minimalism—reducing the kernel​‌ to a small, provably​​ correct core—the mutant kernel​​ approach preserves the rich​​​‌ feature set of monolithic‌ kernels that applications depend‌​‌ on while gaining the​​ flexibility, safety, and evolvability​​​‌ benefits of user-space implementation.‌ This philosophy aligns with‌​‌ recent industry trends where​​ major systems are being​​​‌ redesigned to support user-space‌ implementations of traditionally kernel-resident‌​‌ services.

Recent work in​​ the systems community demonstrates​​​‌ both the promise and‌ current limitations of this‌​‌ approach. Systems like uFS​​ 13 (file system), Snap​​​‌ 14 (networking stack), and‌ ghOSt 12 (scheduler) have‌​‌ shown that moving individual​​ services to user space​​​‌ can improve flexibility and‌ enable rapid innovation. However,‌​‌ current approaches suffer from​​ three fundamental limitations. First,​​​‌ they consider outsourcing only‌ a single service at‌​‌ a time, neglecting the​​ complex interactions between system​​​‌ services that occur in‌ real kernels. Second, they‌​‌ rely exclusively on classical​​ abstractions like the Process,​​​‌ which provides insufficient nuance‌ to distinguish between ordinary‌​‌ application code and semi-privileged​​ system services that require​​​‌ special treatment—higher scheduling priority,‌ access to privileged resources,‌​‌ and protection from interference​​ by untrusted applications. Third,​​​‌ no existing framework addresses‌ efficient and secure cooperation‌​‌ between multiple outsourced services,​​ despite the fact that​​​‌ services like memory management,‌ scheduling, and I/O must‌​‌ closely coordinate.

KrakOS addresses​​ these limitations through several​​​‌ research directions. The team‌ pursues a holistic study‌​‌ of OS service outsourcing​​ that considers multiple services​​​‌ simultaneously and their necessary‌ interactions. This requires designing‌​‌ new abstractions specifically for​​ system services—abstractions that sit​​​‌ conceptually between ordinary processes‌ and kernel code, with‌​‌ appropriate privileges, protection mechanisms,​​ and scheduling guarantees. The​​​‌ team explores using high-level‌ and provable languages (such‌​‌ as Rust or formally​​ verified subsets of C)​​​‌ for implementing these services,‌ taking advantage of user-space‌​‌ deployment to leverage stronger​​ type systems and verification​​​‌ tools than are practical‌ in kernel development. Security‌​‌ and isolation mechanisms must​​ be carefully adapted to​​​‌ the needs of semi-privileged‌ services, providing protection both‌​‌ from untrusted applications and​​ between mutually distrusting system​​​‌ services. Finally, efficient user-kernel‌ communication interfaces are essential—the‌​‌ performance overhead of crossing​​ protection boundaries must be​​​‌ minimized since system services‌ handle operations at microsecond‌​‌ granularity.

Sub-axis 2: Key​​ Abstractions for Concurrency and​​​‌ Isolation

The fundamental abstractions‌ that developers use to‌​‌ structure concurrent and distributed​​ programs have remained largely​​​‌ unchanged since their introduction‌ in the 1960s and‌​‌ 1970s. The Process abstraction,​​ introduced by Dijkstra in​​​‌ 1965 and subsequently implemented‌ in pioneering systems like‌​‌ MULTICS, provides isolated address​​ spaces and resource management.​​​‌ The Thread abstraction was‌ later derived to accommodate‌​‌ concurrent shared-memory programming within​​ a single address space.​​​‌ For over fifty years,‌ developers have been forced‌​‌ to make a static​​ choice between these two​​​‌ abstractions during application development,‌ a choice with profound‌​‌ implications for performance, scalability,​​ and fault tolerance.

This​​​‌ creates a fundamental dilemma.‌ Multi-threaded applications benefit from‌​‌ efficient communication through shared​​ memory but can only​​​‌ scale to the size‌ of a single machine—they‌​‌ cannot leverage the computational​​ resources of an entire​​​‌ datacenter. Conversely, multi-process applications‌ can scale to datacenter-scale‌​‌ by distributing work across​​​‌ many machines, but suffer​ from heavy communication overhead​‌ since inter-process communication requires​​ expensive serialization, network transmission,​​​‌ and deserialization. The challenge​ is particularly acute because​‌ developers typically lack complete​​ control over where their​​​‌ applications will be deployed—an​ application designed for a​‌ single large machine may​​ later need to scale​​​‌ across multiple machines, or​ vice versa, but the​‌ chosen abstraction is baked​​ into the application's architecture.​​​‌

KrakOS's vision, articulated in​ 15, proposes a​‌ radical rethinking of these​​ fundamental abstractions. Rather than​​​‌ forcing developers to choose​ between Processes and Threads,​‌ KrakOS designs a system​​ interface that facilitates the​​​‌ integration of new abstractions​ at the same architectural​‌ level—abstractions that can provide​​ different trade-offs between isolation,​​​‌ performance, and scalability. This​ research leverages modern hardware​‌ protection mechanisms including Intel​​ SGX (secure enclaves), Intel​​​‌ MPK (memory protection keys​ for fast domain switching),​‌ Arm TrustZone (secure execution​​ environments), and CHERI capabilities​​​‌ (hardware-enforced fine-grained memory protection).​ By separating three orthogonal​‌ concerns—execution flows (units of​​ sequential execution), protection domains​​​‌ (boundaries for isolation and​ security), and communication mechanisms​‌ (how execution flows interact)—the​​ programming interface allows applications​​​‌ to compose these elements​ in ways that match​‌ their specific needs rather​​ than being constrained by​​​‌ the Process/Thread dichotomy.

The​ research extends beyond API​‌ design to system runtime​​ implementation. KrakOS develops runtimes​​​‌ capable of dynamically selecting​ the most relevant communication​‌ and isolation mechanisms for​​ each application based on​​​‌ current deployment context, workload​ characteristics, and performance requirements.​‌ For example, when co-located​​ on a single machine,​​​‌ components might communicate through​ shared memory; when distributed,​‌ the same application might​​ transparently switch to network​​​‌ communication. This dynamic adaptation​ requires sophisticated runtime support​‌ that can make these​​ decisions efficiently and transparently.​​​‌ Finally, the team extends​ compilers and code generators​‌ to enable simplified or​​ even transparent use of​​​‌ these new abstractions, allowing​ developers to express high-level​‌ intent rather than low-level​​ mechanism choices, with the​​​‌ compiler and runtime collaborating​ to select appropriate implementations.​‌

3.2.3 A3 - Disaggregation​​

The rise of cloud​​​‌ computing, enabled by virtualization​ technologies, has paradoxically led​‌ to server fragmentation—the chronic​​ underutilization of hardware resources​​​‌ within individual servers. While​ virtualization allows multiple workloads​‌ to share a physical​​ machine, the granularity of​​​‌ allocation remains at the​ server level, leading to​‌ situations where some servers​​ have excess CPU capacity​​​‌ while others have unused​ memory, yet these resources​‌ cannot be efficiently shared​​ across server boundaries. Resource​​​‌ disaggregation addresses this fundamental​ limitation by enabling more​‌ flexible allocation of hardware​​ resources at finer granularities.​​​‌ The economic impact is​ substantial: Microsoft estimates that​‌ even a 1% reduction​​ in fragmentation within its​​​‌ Azure cloud platform would​ generate savings of hundreds​‌ of millions of dollars​​ annually 11, highlighting​​​‌ both the scale of​ the problem and the​‌ potential impact of effective​​ solutions.

KrakOS pursues research​​​‌ on two complementary approaches​ to disaggregation, each with​‌ distinct characteristics and challenges:​​ software-based (soft) disaggregation and​​​‌ hardware-based (hard) disaggregation.

3.2.4​​ A4 - Fault Tolerance​​​‌

System designers often neglect​ fault tolerance during initial​‌ development, focusing primarily on​​ functionality and performance. This​​​‌ approach can render initially​ effective solutions impractical when​‌ resilience requirements are considered,​​ necessitating costly redesigns or​​​‌ abandonment of otherwise promising​ ideas. KrakOS researchers take​‌ a different approach by​​ considering fault tolerance as​​​‌ a first-class concern from​ the design phase, integrating​‌ resilience mechanisms into the​​ fundamental architecture rather than​​​‌ retrofitting them later. The​ team has identified specific​‌ approaches to incorporate fault​​ tolerance for each of​​​‌ the three preceding research​ axes (machine virtualization, mutant​‌ kernels, and disaggregation), ensuring​​ that innovations in these​​​‌ areas can be deployed​ in production environments where​‌ failures are inevitable.

4.2.1​‌ Target Hypervisors

KrakOS focuses​​ on open-source hypervisors that​​​‌ dominate cloud deployments. Xen​ is used extensively in​‌ cloud environments, particularly valued​​ for its strong security​​​‌ properties and robust isolation​ mechanisms that enable safe​‌ multi-tenant deployments. KVM,​​ integrated directly into the​​​‌ Linux kernel, has been​ widely adopted by major​‌ cloud providers due to​​ its performance characteristics and​​ seamless integration with existing​​​‌ Linux infrastructure. By focusing‌ on these two dominant‌​‌ hypervisors, KrakOS ensures that​​ research contributions can be​​​‌ rapidly adopted in production‌ cloud environments.

4.2.2 Cloud‌​‌ Deployment Models

KrakOS research​​ addresses both private and​​​‌ public cloud deployment models,‌ each with distinct characteristics‌​‌ and requirements. In private​​ clouds, where applications​​​‌ belong to a single‌ entity, best-effort resource management‌​‌ is often permissible, allowing​​ the focus to remain​​​‌ on overall efficiency and‌ performance optimization across the‌​‌ entire infrastructure. In contrast,​​ public clouds hosting applications​​​‌ from different owners require‌ that each application receives‌​‌ its subscribed amount of​​ resources, necessitating strict isolation​​​‌ mechanisms and rigorous SLA‌ (Service Level Agreement) enforcement‌​‌ to prevent interference between​​ tenants and ensure contractual​​​‌ obligations are met.

4.2.3‌ Cloud Service Models

KrakOS‌​‌ deliberately limits its scope​​ to the most complex​​​‌ cloud service models where‌ systems research can have‌​‌ the greatest impact. Infrastructure​​ as a Service (IaaS)​​​‌ represents the traditional VM-based‌ cloud model with startup‌​‌ times on the order​​ of minutes and complex​​​‌ requirements for resource management,‌ live migration, and multi-tenant‌​‌ isolation. Function as a​​ Service (FaaS), one​​​‌ of the newest and‌ most challenging cloud models,‌​‌ demands ultra-fast startup times​​ at the microsecond scale,​​​‌ elastic scaling that can‌ respond to rapid workload‌​‌ changes, and fine-grained resource​​ allocation mechanisms that can​​​‌ efficiently multiplex short-lived function‌ invocations. The constraints of‌​‌ FaaS fundamentally challenge traditional​​ operating system and virtualization​​​‌ assumptions, making it a‌ particularly rich area for‌​‌ systems innovation.

4.5.1 Genomics and​​​‌ Bioinformatics

Through the ANR​ PicNIC project in collaboration​‌ with ICO (Institut de​​ Cancérologie de l'Ouest), KrakOS​​​‌ addresses critical challenges in​ genomic data processing. The​‌ research focuses on reducing​​ data movements in genomic​​​‌ datacenters, optimizing execution times​ for complex genomic analysis​‌ pipelines, minimizing energy consumption,​​ and improving data-intensive workload​​​‌ performance. Genomic applications present​ unique challenges with extremely​‌ large datasets ranging from​​ terabytes to petabytes, complex​​​‌ multi-stage computational pipelines with​ diverse resource requirements, I/O-intensive​‌ operations that can bottleneck​​ on storage systems, and​​​‌ critical needs for data​ locality optimization to avoid​‌ expensive data transfers. These​​ characteristics make genomics an​​​‌ ideal testbed for KrakOS​ research on disaggregation, efficient​‌ I/O, and energy-aware resource​​ management.

4.5.2 Memory-Intensive Applications​​​‌

Given fundamental memory resource​ limitations in datacenters and​‌ the need to accelerate​​ disk-intensive applications, KrakOS specifically​​​‌ targets memory-intensive workloads. Key-value​ stores such as Memcached​‌ serve as caching systems​​ that maintain critical data​​​‌ in memory for low-latency​ access, requiring efficient in-memory​‌ data structure management and​​ horizontal scalability across multiple​​​‌ servers. Graph processing applications​ perform large-scale analytics on​‌ graph structures, characterized by​​ random memory access patterns​​​‌ that challenge traditional memory​ hierarchies and demand sophisticated​‌ memory management to maintain​​ performance at scale.

4.5.3​​​‌ Microservices Architectures

Microservices have​ emerged as the dominant​‌ programming model for modern​​ Internet services, presenting both​​​‌ opportunities and challenges for​ systems research. These architectures​‌ consist of distributed, loosely-coupled​​ services that can be​​​‌ independently deployed and scaled,​ often implemented in multiple​‌ programming languages (polyglot development),​​ with complex inter-service communication​​​‌ patterns. For KrakOS research,​ microservices introduce challenges in​‌ fine-grained resource allocation (as​​ individual services may have​​​‌ vastly different resource needs),​ service discovery and intelligent​‌ routing, fault tolerance mechanisms​​ that prevent cascading failures​​​‌ across service dependencies, and​ comprehensive performance monitoring and​‌ observability that can track​​ requests across dozens of​​​‌ service invocations.

5.1.1 Participation in‌​‌ Standardization Initiatives

Nicolas Palix​​ serves as mission leader​​​‌ for "Action Monitoring" within‌ GDRS Écoinfo, the‌​‌ national research network dedicated​​ to eco-responsible digital practices.​​​‌ In this role, he‌ coordinates efforts to establish‌​‌ best practices and metrics​​ for evaluating the environmental​​​‌ impact of digital technologies‌ across French research institutions.‌​‌ The team actively contributes​​ to AFNOR SPEC 2314​​​‌ on Frugal AI,‌ working to define standards‌​‌ and best practices for​​ resource-efficient artificial intelligence. This​​​‌ standardization effort aims to‌ ensure that AI systems‌​‌ can deliver high performance​​ while minimizing computational resource​​​‌ consumption and energy usage,‌ making AI technologies more‌​‌ accessible to organizations with​​ limited infrastructure. The three-year​​​‌ IAoundé Project, funded‌ by Région AURA, focuses‌​‌ specifically on frugal AI​​ research and capacity building,​​​‌ promoting sustainable computing practices‌ particularly for resource-constrained environments‌​‌ in developing countries.

5.2.1 Leadership in DEI‌ Initiatives

Alain Tchana serves‌​‌ as a member of​​ the ACM (Association for​​​‌ Computing Machinery) Diversity, Equity,‌ and Inclusion Council,‌​‌ a prestigious appointment that​​ recognizes his leadership in​​​‌ promoting inclusive practices in‌ computing research and education.‌​‌ Through this role, Tchana​​ advocates for increased representation​​​‌ of underrepresented groups in‌ computer science research and‌​‌ education, drawing on his​​ extensive experience building partnerships​​​‌ between European and African‌ institutions. He works to‌​‌ ensure equitable access to​​ computing resources and opportunities,​​​‌ particularly for researchers and‌ students from developing countries‌​‌ who face systemic barriers​​ to participation in international​​​‌ research. Within KrakOS and‌ the broader systems research‌​‌ community, we foster inclusive​​ research practices that value​​​‌ diverse perspectives and create‌ welcoming environments for all‌​‌ researchers.

5.2.2 Gender Diversity​​ Reflection

The team engages​​​‌ in ongoing self-assessment through‌ internal discussions specifically focused‌​‌ on "how to increase​​ the number of women​​​‌ in the team," recognizing‌ that gender diversity remains‌​‌ a critical challenge in​​ systems research. KrakOS implements​​​‌ conscious recruiting practices designed‌ to encourage applications from‌​‌ underrepresented groups, including targeted​​ outreach to diverse student​​​‌ populations and careful attention‌ to inclusive language in‌​‌ job postings and internship​​ descriptions. The team prioritizes​​​‌ creating a welcoming and‌ supportive environment for all‌​‌ members, with policies that​​ promote work-life balance and​​​‌ accommodate diverse needs. While‌ the team acknowledges significant‌​‌ work remains to achieve​​ representative diversity, these ongoing​​​‌ efforts—particularly the financial commitment‌ to women interns—reflect a‌​‌ genuine commitment to structural​​ change rather than symbolic​​​‌ gestures.

7.1.1 USM‌

USM is a comprehensive‌​‌ framework for developing and​​ deploying memory management policies​​​‌ in Linux entirely in‌ userspace. Unlike traditional approaches‌​‌ where memory management policies​​ are embedded in the​​​‌ kernel, USM adopts a‌ microkernel-inspired architecture that moves‌​‌ policy implementation to userspace​​ while retaining critical mechanisms​​​‌ in the kernel. The‌ framework provides complete coverage‌​‌ of memory management aspects​​ including page allocation, page​​​‌ eviction decisions (what pages‌ to evict, when to‌​‌ evict them, and where​​​‌ to store evicted content),​ and integrated policies that​‌ coordinate these decisions. USM​​ enables rapid development and​​​‌ safe experimentation with novel​ memory management strategies without​‌ requiring kernel modifications or​​ system reboots.

The source​​​‌ code has been publicly​ released to support further​‌ research and adoption by​​ the systems community. Development​​​‌ is led by Alain​ Tchana, Renaud Lachaize, Papa​‌ Fall and Jean-Pierre Lozi.​​

7.1.2 MigCheck

MigCheck is​​​‌ a tool designed to​ test the feasibility of​‌ virtual machine migration in​​ heterogeneous hardware environments before​​​‌ actual migration attempts. The​ tool performs comprehensive analysis​‌ of hardware compatibility, examining​​ CPU instruction set architectures​​​‌ to predict potential migration​ issues. By identifying incompatibilities​‌ early, MigCheck prevents costly​​ migration failures and service​​​‌ disruptions in production cloud​ environments. The tool is​‌ currently in the maturation​​ phase and was submitted​​​‌ for LSI Carnot funding.​ Development is led by​‌ Alain Tchana, Renaud Lachaize,​​ and Kenta Ishiguro.

7.1.3​​​‌ vPIM

vPIM provides comprehensive​ virtualization support for Processing-in-Memory​‌ (PIM) devices, enabling multiple​​ virtual machines to efficiently​​​‌ share PIM hardware while​ maintaining strict isolation and​‌ performance guarantees. The system​​ implements novel scheduling and​​​‌ resource management policies specifically​ designed for the unique​‌ characteristics of PIM architectures,​​ where computation occurs directly​​​‌ within memory arrays. vPIM​ addresses critical challenges in​‌ PIM virtualization including memory​​ allocation, DPU (Data Processing​​​‌ Unit) scheduling, and performance​ isolation between co-located tenants.​‌ The source code has​​ been publicly released to​​​‌ support further research and​ adoption by the systems​‌ community. Contact: Alain Tchana.​​

7.1.4 Faho

Faho is​​​‌ an operating system specifically​ designed for UPMEM Processing-in-Memory​‌ devices, providing dynamic and​​ efficient sharing of Data​​​‌ Processing Units (DPUs) among​ multiple applications. Unlike traditional​‌ batch-oriented approaches, Faho implements​​ time-sharing mechanisms that allow​​​‌ unpredictable job arrivals to​ be handled efficiently while​‌ maintaining fairness and high​​ utilization. The system includes​​​‌ sophisticated scheduling algorithms that​ account for the unique​‌ characteristics of PIM hardware,​​ including limited on-chip memory​​​‌ and the cost of​ data movement between host​‌ and PIM devices. Faho's​​ source code is publicly​​​‌ available, facilitating integration into​ existing PIM-based systems. Development​‌ is led by Alain​​ Tchana and Renaud Lachaize.​​​‌

7.1.5 GoodKit

GoodKit provides​ an efficient and robust​‌ virtual machine introspection framework​​ that enables security monitoring,​​​‌ debugging, and analysis of​ guest VM. The framework​‌ is designed to minimize​​ performance overhead while providing​​​‌ comprehensive visibility into VM​ internals, including memory access​‌ patterns, system call activity,​​ and kernel data structures.​​​‌ GoodKit addresses the semantic​ gap problem that traditionally​‌ plagues VM introspection by​​ maintaining high-level semantic information​​​‌ about guest OS structures.​ This capability is essential​‌ for security applications such​​ as intrusion detection, malware​​​‌ analysis, and compliance monitoring​ in cloud environments. The​‌ source code is publicly​​ available. Development is led​​​‌ by Alain Tchana and​ Renaud Lachaize.

7.1.6 B-Side​‌

B-Side performs sophisticated binary-level​​ static identification of system​​​‌ calls in compiled applications,​ enabling security analysis and​‌ monitoring without requiring access​​ to source code. The​​​‌ tool employs advanced program​ analysis techniques including control​‌ flow reconstruction, symbolic execution,​​ and pattern matching to​​ accurately identify system call​​​‌ sites even in heavily‌ optimized or obfuscated binaries.‌​‌ B-Side is particularly valuable​​ for security auditing of​​​‌ closed-source software, legacy applications,‌ and potentially malicious code‌​‌ where source access is​​ unavailable. Contact: Alain Tchana.​​​‌

7.1.7 P4Cemaker

P4CEMaker is‌ a novel system designed‌​‌ to semiautomatically accelerate existing​​ RDMA-based consensus protocols through​​​‌ the use of a‌ programmable switch. We demonstrated‌​‌ the usefulness of P4CEMaker​​ by accelerating four different​​​‌ consensus protocols, achieving up‌ to 2 times performance‌​‌ improvement in around a​​ day of work per​​​‌ protocol. Contact: Baptiste Lepers.‌

7.1.8 DirtBuster

DirtBuster is‌​‌ a tool that identifies​​ scenarios in which the​​​‌ CPU caches perform suboptimally.‌ CPU caches have been‌​‌ heavily optimized to cache​​ DRAM, but are not​​​‌ increasingly used to cache‌ data coming from other‌​‌ memory devices (e.g., persistent​​ memory, CXL memory, FPGA​​​‌ memory). In such scenarios,‌ caches may perform suboptimally.‌​‌ By using a combination​​ of static and dynamic​​​‌ analysis, DirtBuster identifies applications‌ and code regions that‌​‌ are likely to suffer​​ from suboptimal cache behavior.​​​‌ Developers can then add‌ hints to direct the‌​‌ cache (these hints are​​ also suggested by DirtBuster).​​​‌ Contact: Baptiste Lepers.

7.2.1 IBARA‌​‌ - Portable Micro-Cluster for​​ Africa

IBARA is a​​​‌ portable and autonomous micro-cluster‌ specifically designed for teaching,‌​‌ research, and service hosting​​ in countries facing electrical​​​‌ infrastructure challenges. This innovative‌ platform integrates high-performance micro-computers‌​‌ within a compact transportable​​ suitcase, enabling rapid deployment​​​‌ of computing capabilities in‌ isolated locations or areas‌​‌ with severe electricity deficits.​​

IBARA's distinguishing feature is​​​‌ its hybrid power system‌ guaranteeing uninterrupted operation. The‌​‌ platform operates on mains​​ electricity when available, automatically​​​‌ switches to a storage‌ battery (automotive-type) during power‌​‌ outages, and maintains battery​​ charge through an integrated​​​‌ foldable solar panel, enabling‌ completely off-grid operation. This‌​‌ design addresses the reality​​ of frequent power interruptions​​​‌ in many African regions‌ while providing the reliable‌​‌ computing infrastructure essential for​​ modern education and research.​​​‌

Within the IAoundé project‌ framework, IBARA enables KrakOS‌​‌ to deliver hands-on teaching​​ on cloud computing, virtualization,​​​‌ and distributed systems at‌ partner universities (University of‌​‌ Yaoundé 1, ENSPY) without​​ requiring expensive datacenter infrastructure.​​​‌ Students gain practical experience‌ with modern technologies—virtual machines,‌​‌ distributed applications, container orchestration—using​​ a system designed for​​​‌ their specific infrastructural constraints.‌ As a research platform,‌​‌ IBARA supports experiments on​​ energy-aware scheduling, resilient system​​​‌ design, and efficient resource‌ utilization, aligning with KrakOS's‌​‌ work on green computing​​ while addressing real-world deployment​​​‌ challenges. The platform also‌ provides practical hosting capabilities‌​‌ for local university services,​​ reducing dependence on distant​​​‌ cloud providers and supporting‌ digital sovereignty.

Key Features:‌​‌ Portable micro-cluster in transportable​​ suitcase; hybrid power (mains/battery/solar);​​​‌ autonomous operation in isolated‌ locations; supports teaching, research,‌​‌ and local hosting

7.2.2​​ Grid'5000

KrakOS extensively uses​​​‌ Grid'5000, a large-scale distributed‌ computing testbed for experimental‌​‌ research. The platform provides​​ access to diverse hardware​​​‌ configurations essential for validating‌ virtualization and resource management‌​‌ research.

7.2.3 SLICES-FR

The​​ team participates in SLICES-FR,​​​‌ the French component of‌ the European SLICES infrastructure‌​‌ for large-scale experimental research​​​‌ in networking, distributed computing,​ and IoT.

8.9.1 IBARA​​ - Portable Micro-Cluster for​​​‌ teaching

IBARA is a​ portable and autonomous micro-cluster​‌ specifically designed for teaching,​​ cloud and big data​​​‌ research, and hosting services​ in African countries. This​‌ innovative platform addresses a​​ critical challenge: providing reliable​​​‌ computing infrastructure in environments​ with unstable or unavailable​‌ electrical power. IBARA integrates​​ a set of high-performance​​​‌ micro-computers within a compact,​ easily transportable suitcase, making​‌ it an ideal solution​​ for rapid deployment of​​​‌ computing capabilities in isolated​ locations or areas with​‌ severe electricity deficits.

The​​ platform's major strength lies​​​‌ in its hybrid power​ system that guarantees uninterrupted​‌ operation under varying power​​ conditions. When standard electrical​​​‌ current is available, IBARA​ operates on mains power​‌ like conventional computing infrastructure.​​ However, when power outages​​​‌ occur—a frequent occurrence in​ many African regions—the system​‌ immediately switches to a​​ storage battery (automotive-type battery)​​​‌ ensuring continuous operation without​ data loss or service​‌ interruption. To maintain long-term​​ autonomy, the battery is​​​‌ kept charged through a​ small foldable solar panel​‌ that can be integrated​​ into the suitcase or​​​‌ connected externally, enabling completely​ off-grid operation in sunny​‌ conditions typical of many​​ African deployments.

Participants: Blandine​​​‌ Ntchoutta, Alain Tchana​.

10.1.1 Associated Teams‌

• University of British Columbia‌​‌ (Canada). KrakOS has​​ submitted a proposal for​​​‌ an Inria Associated Team‌ with Mohammad Shahrad at‌​‌ the University of British​​ Columbia, focusing on​​​‌ responsible cloud computing with‌ emphasis on energy efficiency,‌​‌ carbon-aware scheduling, and sustainable​​ datacenter operations. The proposal​​​‌ is currently under review.‌
• The Cameroon (ENSPY, University‌​‌ of Yaoundé). An​​ Inria Associated Team with​​​‌ Thomas Bouetou at ENSPY‌ and University of Yaoundé‌​‌ 1 has been accepted,​​ centered on frugal AI​​​‌ research and capacity building‌ in resource-constrained environments. This‌​‌ partnership strengthens long-term collaboration​​ with Cameroonian institutions and​​​‌ supports the IAoundé project‌ objectives.
• The University of‌​‌ Sydney (Australia). The​​ team established an Inria​​​‌ Associated Team with Vincent‌ Gramoli at the University‌​‌ of Sydney, focusing​​ on blockchain systems, distributed​​​‌ consensus protocols, and high-performance‌ distributed ledger technologies. This‌​‌ collaboration includes co-supervision of​​ PhD student Paul Breuil​​​‌ and facilitates student mobility‌ between France and Australia.‌​‌ In addition, Xiaoxiang Wu​​ and Yuben Yang, two​​​‌ PhD students of Baptiste‌ Lepers (hired before Baptiste‌​‌ joints the team) during​​ six months.

10.1.2 Other​​​‌ International Collaborations

• The IAoundé‌ project, funded by‌​‌ the PAI AURA, establishes​​ a formal collaboration with​​​‌ Cameroonian institutions including University‌ of Yaoundé 1 and‌​‌ ENSPY, promoting frugal computing​​ research. Seven researchers from​​​‌ Cameroon visited us during‌ the year and we‌​‌ realized eight visits in​​ Cameroon.
• KrakOS collaborates with​​​‌ Pierre Olivier at the‌ University of Manchester, UK‌​‌, on operating systems​​ and virtualization research, including​​​‌ co-supervision of PhD students‌ and joint publications on‌​‌ systems security.
• The team​​ partners with Pascal Felber​​​‌ at the University of‌ Neuchâtel, Switzerland, on‌​‌ leveraging modern hardware features​​ for improving performance.
• Collaboration​​​‌ with Natacha Crooks at‌ UC Berkeley, USA,‌​‌ is supported by the​​ France Berkeley Fund, focusing​​​‌ on building a uniform‌ framework for memory management‌​‌ and thread scheduling.
• Adam​​ Belay at MIT hosted​​​‌ Alain Tchana for research‌ discussions on operating systems‌​‌ for microsecond-scale computing and​​ datacenter efficiency.
• The team​​​‌ has collaboration with Timothy‌ Roscoe at ETH Zurich,‌​‌ Switzerland, with multiple​​​‌ research visits by Alain​ Tchana, Baptiste Lepers, and​‌ Maxime Collette, exploring systems​​ architecture and hardware-software co-design.​​​‌
• KrakOs collaborates with the​ team of Fumio Machida​‌ (University of Tsukuba) on​​ the modeling of performance​​​‌ anomalies in micro-services applications.​ Gabriel Antunes Grabber visited​‌ the team for 3​​ months (April-June 2025) thanks​​​‌ to a UGA Idex​ formation grant.

10.2.1 ANR Projects​​

• The ANR PRCE YUPIM​​​‌ project, led by​ Principal Investigator Alain Tchana,​‌ is currently ongoing and​​ focuses on advancing Processing-in-Memory​​​‌ virtualization technologies for next-generation​ cloud infrastructures.
• ANR PRME​‌ KNext, under the​​ leadership of Baptiste Lepers,​​​‌ was submitted to develop​ next-generation kernel architectures that​‌ leverage emerging hardware features​​ and new concurrency abstractions​​​‌ for improved performance and​ security.
• The ANR PRC​‌ XRay project, with​​ Nicolas Palix as Scientific​​​‌ Responsible, was submitted to​ develop advanced static analysis​‌ tools for Linux kernel​​ code, improving security and​​​‌ reliability through automated verification​ techniques.

10.2.2 PEPR Projects​‌

• KrakOS is actively involved​​ in the PEPR Cloud​​​‌, contributing to three​ projects: DIVA, STEEL, and​‌ TARANIS.

10.2.3 Inria Challenges​​ (Défis)

• The Défi Inria​​​‌ OS (Operating Systems Challenge)​ provided substantial support to​‌ KrakOS, funding three PhD​​ theses, one postdoctoral position,​​​‌ and two six-month engineering​ positions, enabling the team​‌ to pursue ambitious research​​ directions in modern operating​​​‌ systems design.

10.2.4 Regional​ Projects

• KrakOS received funding​‌ from Région Auvergne-Rhône-Alpes for​​ the three-year IAoundé project​​​‌ focused on frugal AI​ research, strengthening partnerships with​‌ African institutions and promoting​​ sustainable computing practices in​​​‌ resource-constrained environments. We have​ also received funding from​‌ the UGA International Research​​ Booster for the same​​​‌ collaboration.
• Two LIG Émergence​ projects were accepted.
• KrakOS​‌ received funding from LabEx​​ Persyval-Lab for research on​​​‌ virtualization of UPMEM Processing-in-Memory​ (PIM) technology, advancing the​‌ integration of emerging memory-centric​​ computing architectures into cloud​​​‌ environments.

11.4.1 Teaching

All‌​‌ permanent team members are​​ faculty members (enseignants-chercheurs) with​​​‌ teaching responsibilities at Université‌ Grenoble Alpes and Grenoble‌​‌ INP.

To broaden the​​ recruitment sphere, team members​​​‌ also teach at institutions‌ beyond Grenoble, including ENS‌​‌ de Lyon, attracting talented​​ students from diverse academic​​​‌ backgrounds to systems research.‌

In addition to their‌​‌ national teaching responsibilities, team​​ members regularly conduct teaching​​​‌ missions abroad, particularly at‌ partner universities in Cameroon‌​‌ such as University of​​ Yaoundé 1 and ENSPY,​​​‌ where they deliver courses‌ on operating systems, virtualization,‌​‌ and distributed systems.

11.4.2​​ Supervision

The team supervised​​​‌ 18 PhD students in‌ 2024, 3 postdocs, and‌​‌ more than 20 interns.​​ KrakOS maintains a very​​​‌ open internship policy, recognizing‌ that internships are an‌​‌ essential pathway for engaging​​​‌ students in systems research​ and cultivating the next​‌ generation of researchers in​​ operating systems and distributed​​​‌ computing. The team also​ runs a mentoring program​‌ for students in Cameroon,​​ providing guidance and support​​​‌ to students at partner​ universities such as University​‌ of Yaoundé 1 and​​ ENSPY, helping them develop​​​‌ research skills and pursue​ advanced studies in computer​‌ systems.

International journals

• 1​ articleY.Yves Kone​‌, L.Louis Duval​​, R.Renaud Lachaize​​​‌, P.Pascal Felber​, D.Daniel Hagimont​‌ and A.Alain Tchana​​. Understanding Intel User​​​‌ Interrupts.Proceedings of​ the ACM on Measurement​‌ and Analysis of Computing​​ Systems 92June​​​‌ 2025, 1-32HAL​DOI

International peer-reviewed conferences​‌

• 2 inproceedingsP.Paul​​ Breuil and B.Baptiste​​​‌ Lepers. P4CEMaker: automated​ hardware acceleration of consensus​‌ protocols.ICDCS 2025​​ - IEEE 45th International​​​‌ Conference on Distributed Computing​ SystemsGlasgow, United Kingdom​‌IEEEJuly 2025,​​ 681-691HALDOI
• 3​​​‌ inproceedingsB.Brice Ekane​, D.Djob Mvondo​‌, R.Renaud Lachaize​​, Y.-D.Yérom-David Bromberg​​​‌, A.Alain Tchana​ and D.Daniel Hagimont​‌. DISC: Backpressure Mitigation​​ In Multi-tier Applications With​​​‌ Distributed Shared Connection.​Proceedings of the 22nd​‌ USENIX Symposium on Networked​​ Systems Design and Implementation​​​‌ (NSDI 25)NSDI 2025​ - 22nd USENIX Symposium​‌ on Networked Systems Design​​ and ImplementationPhiladelphia (Pennsylvania),​​​‌ United StatesApril 2025​, 55-70HAL
• 4​‌ inproceedingsK.Kenta Ishiguro​​, K.Kohei Hayama​​​‌, A.Ayase Yokoyama​, H.Hiroshi Yamada​‌ and T.Toshio Hirotsu​​. Nesting Overlay File​​​‌ Systems with ShadowWhiteout.​APSys '25: 16th ACM​‌ SIGOPS Asia-Pacific Workshop on​​ SystemsSeoul, South Korea​​​‌ACMOctober 2025,​ 15-21HALDOI
• 5​‌ inproceedingsG.Gabriel Job​​ Antunes Grabher, F.​​​‌Fumio Machida and T.​Thomas Ropars. Modeling​‌ Anomaly Detection in Cloud​​ Services: Analysis of the​​​‌ Properties that Impact Latency​ and Resource Consumption.​‌Proceedings of the IEEE/ACM​​ 18th International Conference on​​​‌ Utility and Cloud Computing​UCC 2025 - IEEE/ACM​‌ 18th International Conference on​​ Utility and Cloud Computing​​​‌Nantes, France2025,​ 1-10HALDOI
• 6​‌ inproceedingsY.Yves Kone​​, L.Louis Duval​​​‌, R.Renaud Lachaize​, P.Pascal Felber​‌, D.Daniel Hagimont​​ and A.Alain Tchana​​​‌. Understanding Intel User​ Interrupts.Abstracts of​‌ the 2025 ACM SIGMETRICS​​ International Conference on Measurement​​​‌ and Modeling of Computer​ SystemsSIGMETRICS 2025 -​‌ ACM SIGMETRICS International Conference​​ on Measurement and Modeling​​​‌ of Computer Systems53​1Stony Brook, United​‌ StatesACMJune 2025​​, 127-129HALDOI​​​‌
• 7 inproceedingsJ.Jakob​ Nibler and T.Thomas​‌ Ropars. Carbon Footprint​​ of Storage in Data​​​‌ Centers: the Impact of​ Using Ssds for Key-Value​‌ Stores.2025 IEEE​​ 25th International Symposium on​​​‌ Cluster, Cloud and Internet​ Computing (CCGrid), ProceedingsCCGrid​‌ 2025 - IEEE 25th​​ International Symposium on Cluster,​​​‌ Cloud and Internet Computing​Tromsø, NorwayIEEEMay​‌ 2025, 305-314HAL​​DOI
• 8 inproceedingsA.​​Alain Tchana, J.​​​‌Jordan Gounou, P.‌ A.Papa Assane Fall‌​‌, R.Renaud Lachaize​​, H.Hippolyte Tapamo​​​‌, C. P.Celestin‌ Parfait Bessala Bessala and‌​‌ V.Vivien Quema.​​ Crazy : Unifying Memory​​​‌ and CPU Management Subsystems‌.APSys '25: 16th‌​‌ ACM SIGOPS Asia-Pacific Workshop​​ on SystemsSeoul (Korea),​​​‌ South KoreaACMOctober‌ 2025, 1-7HAL‌​‌DOI
• 9 inproceedingsX.​​Xiaoxiang Wu, B.​​​‌Baptiste Lepers and W.‌Willy Zwaenepoel. Pre-Stores:‌​‌ Proactive Software-guided Movement of​​ Data Down the Memory​​​‌ Hierarchy.https://dl.acm.org/doi/pdf/10.1145/3689031.3696097EuroSys‌ 2025 - Twentieth European‌​‌ Conference on Computer Systems​​Rotterdam, NetherlandsACMMarch​​​‌ 2025, 1161-1176HAL‌DOI

Reports & preprints‌​‌

• 10 reportI.Ilhem​​ Fajjari, Y.Yannick​​​‌ Nzali Koagne, J.‌Joaquim Soares and V.‌​‌Vania Marangozova. D​​ 4.2-1 Use Case Prototypes​​​‌.Université Grenoble Alpes;‌ Orange Innovation; Orange Direction‌​‌ EOLASMarch 2025HAL​​