Unikel,specializing a minimalistic libOS with an application,is an attractive design for cloud computing.However,the Achilles’ heel of unikel is the lack of multi-process support,which makes it less flexible and applicable.Many applications rely on the process abstraction to isolate different components.For example,Apache with the multi-processing module isolates a request handler in a process to guarantee security.Prior art tackles the problem by simulating multi-process with multiple unikels,which is incompatible with existing cloud providers and also introduces high overhead.This paper proposes Iso-UniK,a new unikel design enabling multi-task applications with the support of both functionality and isolation.Iso-UniK leverages a recent hardware feature,named Intel Memory Protection Key (Intel MPK),to provide lightweight and efficient isolation for multi-process in unikel.Our design has three benefits compared with previous approaches.First,Iso-UniK does not need hypervisor support and is thus compatible with existing cloud computing platforms;second,Iso-UniK promises fast system calls with only 45 cycles;last,a process can be isolated with a flexible configuration.We have implemented a prototype based on OSv,a unikel system supporting unmodified applications.Iso-UniK can achieve fast fork operation with only 66μs for multi-process applications.Our evaluation shows that the isolation and multi-process support in Iso-UniK will not damage the applications’ performance.