Memory Safe Context Switches
The article discusses techniques for memory-safe context switching, managing register states and stack pointers without introducing vulnerabilities like data leaks or corruption.
Background
- A context switch is what happens when an OS kernel pauses one process and resumes another — it saves/restores CPU register state. Most context switches today only aim for *correctness*, not *confidentiality*: they don't ensure leftover data in registers or microarchitectural state can't be read by the next process.
- The article proposes "memory safe" context switches — designs that actively scrub or protect sensitive state during switches — using capabilities from the CHERI project (a hardware/software security architecture from Cambridge & SRI) and ARM features like Pointer Authentication and Memory Tagging.
- This matters because real-world bugs like Zenbleed (AMD, 2023) showed register data leaking across context switches, and because finer-grained compartmentalization (e.g., CHERI) makes each switch boundary a security-relevant event.
- The piece is written by the CHERI team — key figures include Robert N. M. Watson (Cambridge), Peter G. Neumann (SRI), and Simon W. Moore — who have been working on capability-based security for over a decade; their work directly influenced ARM's Morello prototype.