An open-source, minimal secure processor

Sanctum offers strong provable isolation of software modules running concurrently and sharing resources, but protects against an important class of indirect software attacks that infer private information from a program's memory access patterns (via caches, page tables, and other shared resources). We follow a principled approach to eliminating entire attack surfaces through isolation, rather than plugging attack-specific privacy leaks, to achieve strong security guarantees at a reasonable overhead.