Capacity: Cryptographically-Enforced In-Process Capabilities for Modern ARM Architectures (Extended Version). (arXiv:2309.11151v1 [cs.CR])
cs.CR updates on arXiv.org arxiv.org
In-process compartmentalization and access control have been actively
explored to provide in-place and efficient isolation of in-process security
domains. Many works have proposed compartmentalization schemes that leverage
hardware features, most notably using the new page-based memory isolation
feature called Protection Keys for Userspace (PKU) on x86. Unfortunately, the
modern ARM architecture does not have an equivalent feature. Instead, newer ARM
architectures introduced Pointer Authentication (PA) and Memory Tagging
Extension (MTE), adapting the reference validation model for memory safety and
runtime …