Trustworthy Systems

Our Partners DARPA Collins Aerospace NIO UNSW Foundation

Lions Operating System

Secure, fast, adaptable!


A highly modular operating system for real-world embedded, IoT and cyberphysical systems that sets new standards in performance, verifiability, and adaptability to a wide range of use cases.


The seL4 microkernel is unrivalled in both its assurance as well as performance. However, its API is inherently very low-level and hard to use, and the microkernel (by design) does not provide the functionality expected from an operating system.


John Lions

We are addressing this by developing the Lions OS whose design is driven by the KISS principle: “Keep it simple, stupid!” This calls for a highly modular design, where each component provides the absolute minimum functionality the use case requires, an approach we call radical simplicity. This simplicity is not only good for robustness, it also enables push-button verification of components. Radical simplicity calls for abandoning the traditional quest for universal policies, and instead providing use-case–specific policies. The system can adapt to a different use case by replacing components with implementations optimised for the new use case. The simplicity also enables high performance by minimising the amount of code that executes to achieve a specific function.


Lions OS is named in honour of the late UNSW professor John Lions, known as the author of the Lions Book, which taught Unix to generations of programmers.

The original Unix was known for its clean and lean design, and a strong departure from prior OS designs. At TS we feel that the OS world has lost its way by forgetting the lessons from Unix, resulting in mushrooming complexity, endless critical vulnerabilities, and performance issues that are addressed by hacks and workarounds that further increase complexity. With Lions OS, we are guided by some of the principles of Unix, thus re-thinking the fundamentals of OS design.


Lions OS structure

We are designing a set of system services, each made up of simple building blocks that make best use of the underlying seL4 kernel and its features, while achieving superior performance. The building blocks are simple enough for automated verification tools (SMT solvers) to prove their implementation correctness. We are furthermore employing model checkers to verify key properties of the interaction protocols between components.

Core to this approach are simple, clean and lean designs that can be well optimised, use seL4 to the best effect, and provide templates for proper use and extension of functionality. Achieving this without sacrificing performance, while keeping the verification task simple, poses significant systems research challenges.

Building blocks

The following sub-projects presently form part of Lions OS:

TS kitty


We gratefully acknowledge the financial support for the development of Lions OS by:



Lions OS has its own documentation site.


Lions OS is available from the TS GitHub under a BSD license.

Latest News




Abstract Slides Gernot Heiser
Lions OS: secure – fast – adaptable
Everything Open, Gladstone, QLD, AU, April, 2024
Abstract Slides
Lucy Parker
The seL4 device driver framework
Talk at the 5th seL4 Summit, September, 2023
Abstract Slides
Ivan Velickovic
The seL4 Microkit
Talk at the 5th seL4 Summit, September, 2023
Abstract PDF Mathieu Paturel, Isitha Subasinghe and Gernot Heiser
First steps in verifying the seL4 Core Platform
Asia-Pacific Workshop on Systems (APSys), Seoul, KR, August, 2023
Abstract Slides
Gernot Heiser
R&D update from Trustworthy Systems
Talk at the 5th seL4 Summit, 2023
Presentation Video
Gernot Heiser, Lucy Parker, Ivan Velickovic, Peter Chubb and Ben Leslie
Can we put the "S" into IoT?
IEEE World Forum on Internet of Things, Yokohama, JP, November, 2022