Hciso Upd May 2026

| Feature | Traditional MMU | Intel SGX (Software Guard Extensions) | CHERI (Capability Hardware Enhanced RISC Instructions) | | | :--- | :--- | :--- | :--- | :--- | | Isolation basis | Address ranges | Encryption + software checks | Fat pointers (address + bounds + permissions) | Cryptographic keys per object | | Kernel trust | Full trust | Minimal (but side channels remain) | Moderate (MMU still present) | Zero trust for confidentiality | | Side-channel resistance | None | Weak (cache timing) | None | High (encryption+access pattern hiding) | | Object granularity | Page (4KB) | Page (4KB) | Byte/word | Arbitrary (down to bytes) | | Revocation | Page table update | Re-sealing | Bounds check | Re-encryption |