NanoZone: Scalable, Efficient, and Secure Memory Protection for Arm CCA

TL;DR

NanoZone introduces a scalable, lightweight memory isolation framework within Arm CCA, enabling multiple intra-process domains with minimal performance impact, enhancing security against intra-VM and kernel-space attacks.

Contribution

It extends Arm CCA with a three-tier zone model and a fast CPI mechanism, allowing unlimited intra-process domains and improved security without significant performance loss.

Findings

Successfully prototypes on Arm simulator and development boards.

Achieves approximately 20% performance overhead with 95% throughput.

Effectively isolates session keys, in-memory data, and non-volatile memory.

Abstract

Arm Confidential Computing Architecture (CCA) currently isolates at the granularity of an entire Confidential Virtual Machine (CVM), leaving intra-VM bugs such as Heartbleed unmitigated. The state-of-the-art narrows this to the process level, yet still cannot stop attacks that pivot within the same process, and prior intra-enclave schemes are either too slow or incompatible with CVM-style isolation. We extend CCA with a three-tier zone model that spawns an unlimited number of lightweight isolation domains inside a single process, while shielding them from kernel-space adversaries. To block domain-switch abuse, we also add a fast user-level Code-Pointer Integrity (CPI) mechanism. We developed two prototypes: a functional version on Arm's official simulator to validate resistance against intra-process and kernel-space adversaries, and a performance variant on Arm development boards evaluated for session-key isolation within server applications, in-memory key-value protection, and non-volatile-memory data isolation. NanoZone incurs roughly a 20% performance overhead while retaining 95% throughput compared to the system without fine-grained isolation.