Reference 1
Introspection in hardware: match network connections to the application layer while remaining isolated from, and undetected by, the operating system or the hypervisor.
Motivation
Firewalls:
External firewall: an external device connected only to the network. It cannot see the contents of the target computer's physical memory, so it cannot make decisions based on what code is accessing the traffic.
Software-based firewall: installed on the target computer, so it can itself be the target of attacks.
If you could revise the fundamental principles of computer system design to improve security... what would you change?