Software Compartmentalization Trade-Offs with Hardware Capabilities. (arXiv:2309.11332v1 [cs.CR])

Compartmentalization is a form of defensive software design in which an
application is broken down into isolated but communicating components.
Retrofitting compartmentalization into existing applications is often thought
to be expensive from the engineering effort and performance overhead points of
view. Still, recent years have seen proposals of compartmentalization methods
with promises of low engineering efforts and reduced performance impact. ARM
Morello combines a modern ARM processor with an implementation of Capability
Hardware Enhanced RISC Instructions (CHERI) aiming to provide …

application applications capabilities components defensive design down engineering hardware performance points proposals software software design thought trade