[$] Keeping memory contents secret

One of the many responsibilities of the operating system is to helpprocesses keep secrets from each other. Operating systems often fail inthis regard, sometimes due to factors - such as hardware bugs and user-spacevulnerabilities - that are beyond their direct control. It is thusunsurprising that there is an increasing level of interest in ways toimprove the ability to keep data secret, perhaps even from the operatingsystem itself. The MAP_EXCLUSIVEpatch set from Mike Rapoport is one example of the work that is being donein this area; it also shows that the development community has not yetreally begun to figure out how this type of feature should work.