Title
Memory Capabilities with MMU-Acceleration for Secure and Fast IPC


Authors
Niklas	Gollenstede	gollenstede@ibr.cs.tu-bs.de	Germany	Technische Universität Braunschweig
Sören	Tempel	tempel@ibr.cs.tu-bs.de	Germany	Technische Universität Braunschweig		
Lars	Wrenger	wrenger@sra.uni-hannover.de	Germany	Leibniz Universität Hannover		
Daniel	Lohmann	lohmann@sra.uni-hannover.de	Germany	Leibniz Universität Hannover		
Christian	Dietrich	dietrich@ibr.cs.tu-bs.de	Germany	Technische Universität Braunschweig


Abstract
Inter-process communication (IPC) is critical for securely exchanging information across isolated processes, particularly within strongly compartmentalized environments. Yet traditional synchronous techniques are constrained in payload capacity and do not scale efficiently across multiple cores; shared-memory solutions either incur substantial synchronization costs or introduce time-of-check to time-of-use (TOCTOU) weaknesses.
We propose Memory Mapped Capabilities as a novel operating system abstraction enabling high-performance, secure, zero-copy asynchronous IPC. At a conceptual level, they are globally unique capabilities referencing a buffer located in shared memory. In practice, they operate by granting and revoking permissions to specific memory pages within the participating address spaces; access validation occurs transparently through the MMU, eliminating the need for kernel intervention.
Our prototype built on Linux demonstrates that our IPC surpass Linux pipes by 63% with four concurrent in-flight messages and by as much as 221% with 64 in-flight messages.