Capstone: A Capability-based Foundation for Trustless Secure Memory Access (Extended Version). (arXiv:2302.13863v2 [cs.CR] UPDATED)

Capability-based memory isolation is a promising new architectural primitive.
Software can access low-level memory only via capability handles rather than
raw pointers, which provides a natural interface to enforce security
restrictions. Existing architectural capability designs such as CHERI provide
spatial safety, but fail to extend to other memory models that
security-sensitive software designs may desire. In this paper, we propose
Capstone, a more expressive architectural capability design that supports
multiple existing memory isolation models in a trustless setup, i.e., without …

access cheri fail foundation interface isolation low may memory restrictions safety security software version