Capacity: Cryptographically-Enforced In-Process Capabilities for Modern ARM Architectures (Extended Version). (arXiv:2309.11151v1 [cs.CR])

In-process compartmentalization and access control have been actively
explored to provide in-place and efficient isolation of in-process security
domains. Many works have proposed compartmentalization schemes that leverage
hardware features, most notably using the new page-based memory isolation
feature called Protection Keys for Userspace (PKU) on x86. Unfortunately, the
modern ARM architecture does not have an equivalent feature. Instead, newer ARM
architectures introduced Pointer Authentication (PA) and Memory Tagging
Extension (MTE), adapting the reference validation model for memory safety and
runtime …

access access control arm called capabilities control domains feature features hardware isolation keys memory page process protection security version x86