Limitations and Opportunities of Modern Hardware Isolation Mechanisms

Explore an in-depth analysis of modern hardware isolation mechanisms in this 20-minute conference talk from USENIX ATC '24. Delve into the advantages and limitations of recent CPU technologies like Intel memory protection keys (MPK), ARM pointer authentication (PAC), ARM memory tagging extensions (MTE), and ARM Morello capabilities. Examine their suitability for isolating subsystems with tight performance budgets. Discover why these nascent technologies, despite being a significant step forward, still lack critical design principles for low-overhead isolation enforcement, zero-copy data exchange, and secure access permission revocation. Gain insights into the future of hardware-supported isolation for various systems, including browser plugins, device drivers, kernel extensions, user-defined database and network functions, and serverless cloud platforms.