Abstract:
As software ecosystems become highly modular and third-party code is widely integrated, the traditional "all-equal" resource access model within a process has exposed severe security vulnerabilities. Relying solely on software-based security mechanisms faces inherent limitations, including performance bottlenecks, susceptibility to metadata tampering, and poor compatibility. Consequently, hardware-assisted security protection has emerged as an important development direction.
This article surveys hardware-assisted intra-process protection technologies. It first reviews existing mechanisms in commercial processors, including NX bit, CET, MPK, PAC, and MTE, identifying common issues such as the lack of an in-process trusted base, limited tag space, and the absence of system call protection. Subsequently, it systematically analyzes the latest academic research progress and development trends from four directions: pointer-level checking, compartment-based protection, system call interception, and register partitioning, summarizing the shortcomings of existing solutions. Finally, it introduces DASICS, a systematic security isolation scheme based on code segments that supports dynamic permission domain partitioning.)