Donky: Domain Keys – Efficient In-Process Isolationfor RISC-V and x86

References:

Evaluation

Three realistic use cases:

  • Secure V8 Sandboxing;
  • Software Vaults;
  • Untrusted Third-party libraries;

Two Implementations:

  • RISC-V Ariane CPU, Synthesized on FPGA
  • Intel-MPK-based emulation for X86

Cross-domain switches are 16-116x faster than regular process context switches.

Fully protecting the mbedTLS cryptographic operations has a 4% overhead.

More

Created Dec 19, 2020 // Last Updated Dec 19, 2020

If you could revise
the fundmental principles of
computer system design
to improve security...

... what would you change?