Trustworthy Systems

Lions Operating System

Fast, secure, adaptable!


A highly modular operating system for real-world embedded, IoT and cyberphysical systems that sets new standards in performance, verifiability, and adaptability to a wide range of use cases.


The seL4 microkernel is unrivalled in both its assurance as well as performance. However, its API is inherently very low-level and hard to use, and the microkernel (by design) does not provide the functionality expected from an operating system.


John Lions

We are addressing this by developing the Lions OS whose design is driven by the KISS principle: “Keep it simple, stupid!” This calls for a highly modular design, where each component provides the absolute minimum functionality the use case requires, an approach we call radical simplicity. This simplicity is not only good for robustness, it also enables push-button verification of components. Radical simplicity calls for abandoning the traditional quest for universal policies, and instead providing use-case–specific policies. The system can adapt to a different use case by replacing components with implementations optimised for the new use case. The simplicity also enables high performance by minimising the amount of code that executes to achieve a specific function.


Lions OS is named in honour of the late UNSW professor John Lions, known as the author of the Lions Book, which taught Unix to generations of programmers.

The original Unix was known for its clean and lean design, and a strong departure from prior OS designs. At TS we feel that the OS world has lost its way by forgetting the lessons from Unix, resulting in mushrooming complexity, endless critical vulnerabilities, and performance issues that are addressed by hacks and workarounds that further increase complexity. With Lions OS, we are guided by some of the principles of Unix, thus re-thinking the fundamentals of OS design.


We are designing a set of system services, each made up of simple building blocks that make best use of the underlying seL4 kernel and its features, while achieving superior performance. The building blocks are simple enough for automated verification tools (SMT solvers) to prove their implementation correctness. We are furthermore employing model checkers to verify key properties of the interaction protocols between components.

Core to this approach are simple, clean and lean designs that can be well optimised, use seL4 to the best effect, and provide templates for proper use and extension of functionality. Achieving this without sacrificing performance, while keeping the verification task simple, poses significant systems research challenges.

Building blocks

The following sub-projects presently form part of Lions OS:

Latest News





Abstract Slides
Gernot Heiser
R&D update from Trustworthy Systems
Talk at the 5th seL4 Summit, 2023