A Survey of Hardware-Assisted Intra-Address Space Protection

With a similar threat model, conventional software mechanisms aimed at various levels of security—such as memory safety, control-flow integrity, syscall filtering, and software isolation—can be categorized as intra-address space protection (IASP). When enhancing security, software-only IASP methods often result in an expanded trusted computing base (TCB) and can lead to performance slowdowns, making it challenging to balance security and performance. Recent studies have shown that offloading some software protection functions to hardware not only reduces the TCB attack surface but also enhances the efficiency of protection mechanisms. Additionally, implementing protection-specific micro-architectures in hardware significantly accelerates these protection procedures. However, there has been limited discussion regarding the key challenges in current hardware-assisted IASP studies, including efficient metadata utilization, the granularity of protected objects, and implementation complexity. This paper conducts a comprehensive survey of hardware-assisted intra-address space protection and discusses critical design issues, such as metadata management strategies, protection comprehensiveness, protection granularity, and processor complexity. Through a qualitative analysis of existing methods, this paper summarizes the research trends in hardware-assisted IASP technologies and emphasizes the importance of isolation models, access control strategies, and cross-compartment switching in future hardware-assisted IASP designs.