🤖 AI Summary
This work addresses the security risks arising from the lack of process-level isolation in CXL-based shared memory systems. To bridge the gap between host-level and process-level isolation, the authors propose a hardware-software co-design that, for the first time, enables fine-grained process-level access control and execution context authentication in disaggregated CXL memory. The solution integrates hardware-based attestation, memory access control, and a lightweight caching acceleration mechanism. Evaluated using an SST-based simulation model, the system supports up to 127 concurrent processes with only 3.3% performance overhead, significantly enhancing both the security and efficiency of shared memory architectures.
📝 Abstract
Memory disaggregation via Compute Express Link (CXL) enables multiple hosts to share remote memory, improving utilization for data-intensive workloads. Today, virtual memory enables process-level isolation on a host and CXL enables host-level isolation. This creates a critical security gap: the absence of process-level memory isolation in shared disaggregated memory. We present Space-Control, a hardware-software co-design that provides fine-grained, process-level isolation for shared disaggregated memory. Space-Control authenticates execution context in hardware, enforces access control on every memory access, and amortizes lookup times with a small cache. Our design allows up to 127 processes Simulation Toolkit (SST) based CXL model, Space-Control incurs a minimal performance overhead of 3.3%, making shared disaggregated memory isolation practical.