Space-Control: Process-Level Isolation for Sharing CXL-based Disaggregated Memory

ArXiv

Memory disaggregation via Compute Express Link (CXL) enables multiple hosts to share remote memory, improving utilization for data-intensive workloads. Today, virtual memory enables process-level isolation on a host and CXL enables host-level isolation. This creates a critical security gap: the absence of process-level memory isolation in shared disaggregated memory.

We present Space-Control, a hardware-software co-design that provides fine-grained, process-level isolation for shared disaggregated memory. Space-Control authenticates execution context in the hardware and enforces access control on every memory access and amortizes lookup times with a small cache. We present Space-Control, a hardware-software co-design that provides fine-grained, process-level isolation for shared disaggregated memory. Space-Control authenticates execution context in the hardware and enforces access control on every memory access and amortizes lookup times with a small cache. Our design allows up to 127 processes running concurrently on 255 hosts to share memory with only 1.56% storage overhead. In a gem5 + Structural Simulation Toolkit (SST) based CXL model, Space-Control incurs minimal performance overhead of 3.3%, making shared disaggregated memory isolation practical.

Citation

@misc{goswami2026spacecontrolprocesslevelisolationsharing,
      title={Space-Control: Process-Level Isolation for Sharing CXL-based Disaggregated Memory}, 
      author={Kaustav Goswami and Sean Peisert and Venkatesh Akella and Jason Lowe-Power},
      year={2026},
      eprint={2603.06951},
      archivePrefix={arXiv},
      primaryClass={cs.AR},
      url={https://arxiv.org/abs/2603.06951}, 
}