DASICS: Efficient In-process Protection with Hardware-assisted Dynamic Compartmentalization
2026-06-09, Poster Island A

Hardware-assisted in-process compartmentalization is an effective method for addressing security threats within complex software applications. This paper proposes DASICS, an efficient design for hardware-assisted in-process compartmentalization that provides flexible permission management, sufficient security metadata protection, complete resource access control, and few hardware-to-software ABI modification requirements. DASICS divides the process into trusted and untrusted regions and uses boundary registers and user-level interrupts to achieve dynamic permission management, thereby avoiding the overhead of privilege-level switching in traditional methods.
We implemented a hardware prototype of DASICS on the RISC-V XiangShan out-of-order processor and validated its effectiveness on FPGA. Experimental results show that DASICS incurs an average performance overhead of only 1.53% in SPECint2006 tests while effectively defending against common vulnerabilities such as stack/heap overflows and control-flow hijacking in a security test suite.

Associate professor
Institute of Computing Technology, Chinese Academy of Sciences
Research interests: computer architecture, memory system, memory security