A Survey of Hardware-Assisted Intra-Address Space Protections
Abstract
Conventional software mechanisms that target different levels of security but share a similar threat model can be categorized as intra-address space protection (IASP), which includes memory safety, control-flow integrity, syscall filtering, and isolation. To enhance security, software-only IASP methods expand the trusted computing base (TCB) and can cause performance slowdowns, making it challenging to strike a balance between security and performance. Recent studies indicate that hardware-assisted methods enhance efficiency by encapsulating hardware primitives and utilizing specialized microarchitecture designs. They also enhance security by reducing the trusted computing base’s attack surface. However, there has been limited discussion regarding the key challenges in current hardware-assisted IASP studies. This paper conducts a comprehensive survey of hardware-assisted IASP and discusses critical design issues, such as metadata management strategies, protection comprehensiveness, protection granularity, and processor complexity. Through a qualitative analysis of existing methods, this paper summarizes the research trends in hardware-assisted IASP technologies and emphasizes the importance of isolation models, access control strategies, and cross-compartment switching in future hardware-assisted IASP designs.