The satellite industry is undergoing a transformation where reduced costs and improved accessibility have led to a surge in satellite launches. However, traditional satellite software is often expensive, inflexible, and vulnerable to cyber threats. SpaceOS, a new operating system, aims to address these challenges with a secure, efficient, and adaptable software foundation for space applications. SpaceOS is developed by Parsimoni, where CyStar affiliated faculty KC Sivaramakrishnan serves as an advisor.

Built on OCaml and MirageOS Unikernels, SpaceOS ensures memory safety, minimizing security risks. It is highly flexible, allowing seamless updates and deployment on different satellite platforms. Unlike traditional Kubernetes-based approaches, SpaceOS is lightweight—up to 20 times smaller—reducing memory and processing requirements. Its Unikernel-based design eliminates unnecessary overhead, providing a compact, efficient runtime tailored for each application.

As a demonstration of the end-to-end capabilities, a SpaceOS prototype was launched abord the SpaceX Transporter-13 mission. Parsimoni’s SpaceOS payload is part of DPhi Space’s Clustergate-1 ride sharing platform. The demonstration payload uses SpaceOS as a secure orchestrator of Unikernel payloads. Unlike traditional payloads which are loaded at the time of integration, SpaceOS allows users to upload Unikernel payloads to the satellite in orbit. Thanks to the efficiency and security of SpaceOS, it runs multiple user payloads concurrently and securely on the same platform.

The efficiency of SpaceOS comes from the Unikernel technology, which, unlike a traditional OS like Linux or Windows, builds specialised application-kernel combination eschewing kernel components that are not necessary for the application. In the build phase, the compiler applies optimisations that cut across the application-kernel boundary, leading to more efficient code. This makes Unikernels efficient and compact with a very small attack surface. SpaceOS is also written in OCaml, a language that is memory safe, and allows correct-by-construction software that is guaranteed to have no memory safety bugs. Some widely used languages (such as C or C++) are not memory safe and, therefore, vulnerable by design. With memory-related attacks being the most common cyber attack, forming 70% of all zero-day attacks. On the whole, SpaceOS reimagines how satellite payloads are deployed with a particular focus on cybersecurity aspects.

With the rapid expansion of satellite deployments, security, efficiency, and adaptability are more critical than ever. SpaceOS, built on OCaml and MirageOS Unikernels, offers a next-generation software foundation that eliminates legacy constraints and enhances the flexibility of in-orbit operations. By demonstrating its capabilities on the Transporter-13 mission, SpaceOS proves that modern, memory-safe, and lightweight software can redefine how we think about space systems. As the industry continues to evolve, innovations like SpaceOS will play a crucial role in shaping a more secure, cost-effective, and dynamic future for satellite technology.