Towards isolated execution at the machine level.

Isolated execution with CPU-level protection, such as process sandboxes, virtual machines, and trusted execution environments, has long been studied to mitigate software vulnerabilities. However, the complexity of system software inevitably leads to vulnerabilities in isolated execution environments themselves, and the increase in hardware complexity makes it even more challenging to avoid hardware vulnerabilities. In this paper, we explore the possibility of isolated execution at the machine level using physically separated machines as an extreme case of isolation. We take advantage of recent hardware technologies to enable relatively low-latency communication between physical machines while dramatically reducing the attack surface and trusted computing base size compared to sharing computing resources on a single machine. As the first step in this direction, we discuss the security and performance of isolating processes to another machine with remote system calls and show its feasibility with preliminary experiments.