[Abstract]

OS-level virtualization (e.g., Linux containers) has become a cornerstone of modern cloud systems. While it offers the illusion of isolated kernels for processes, these processes share the same underlying kernel, raising critical concerns around security, fault isolation, and the inability to customize kernels. Existing solutions address these issues by employing virtual machines that isolate kernels; however, these approaches incur significant performance overhead.

To provide strong isolation and customizability, we propose CofferOS, a new kernel for OS-level virtualization. By combining structural encapsulation with Rust’s memory safety guarantees, CofferOS eliminates shared kernel state among containers. A container is implemented as a single class, called a Coffer, which encapsulates the entire kernel state of the container. Each running container is instantiated as an independent Coffer instance, enabling complete isolation without shared mutable state. Furthermore, CofferOS introduces a Personality mechanism, enabling kernel customization for individual containers through a modular and pluggable design.

Beyond conventional containerized workloads, we argue that these properties make CofferOS a natural foundation for agentic operating systems. Emerging agentic applications—such as autonomous AI agents, tool-using LLMs, and long-running adaptive services—require per-agent isolation, fine-grained control over kernel behavior, and the ability to evolve system policies dynamically. CofferOS enables each agent to execute within its own customized kernel instance, with a tailored Personality that governs resource management, isolation policies, and system semantics, while avoiding the heavy overhead of full virtual machines. This design allows the OS to treat agents as first-class entities, rather than mere processes, bridging the gap between OS-level abstractions and agent-centric execution models.

We implement CofferOS and demonstrate performance comparable to Linux containers across a range of workloads. Our evaluation shows that CofferOS provides strong security and fault isolation, flexible kernel customization, and a viable path toward agent-centric system design, highlighting its practicality as both a next-generation container OS and a substrate for future agentic operating systems.

[Biography]

권영진 교수는 KAIST 전산학부 부교수로, Computer Architecture and Systems Lab (CASYS) 멤버로 활동하고 있습니다. 권영진 교수는 운영체제와 인공지능 시스템, 가상화 등 시스템 소프트웨어 바탕으로 대규모 컴퓨팅 환경의 성능, 효율, 신뢰성을 높이는 연구를 하고 있습니다. 특히 새로운 하드웨어 기술과 시스템 스택을 함께 설계하는 관점에서, 실제 서비스 환경에서 사용가능한 최적화와 설계를 지향하고 있습니다.

그의 연구 성과는 SOSP 2024 및 2021, ATC 2018 최우수 논문상 수상으로 인정받았습니다.

또한 KAIST EWON Endowed Chair Professor, 교육혁신상, KAIST Breakthrough 선정, Technology Innovation Award, KAIST Research Achievements 선정, Google Research Scholar Award 등을 수상했습니다. 학술 커뮤니티에서는 SOSP 2025 General Co Chair, APSys 2026 Program Co Chair 등 주요 국제 학회의 운영과 프로그램 구성에도 적극 참여하고 있습니다