Methodology for designing memory-safe high-performance applications using layered resource isolation
Olha Krasnozhon

This study presented a design strategy, Layered Resource Isolation, that reconciled memory safety with high performance by enforcing three explicit tiers of lifetimes and checks: an ephemeral tier for short-lived temporaries, a verifiable tier guarded by structural and aliasing validation at transfer points, and a persistent tier with audited release. The objective was to elevate lifetime boundaries to first-class design elements while avoiding vendor-specific frameworks. Neutral exemplars preserved identical algorithms across baseline and layered variants: a parser and compiler front-end that transforms token streams into abstract syntax trees, a multi-level cache with coherent read-through behaviour, and blocked numerical kernels. The evaluation instrumented allocations, promotions, audited releases, and phase timings, and used paired runs across thirty independent seeds to compare safety incidents per ten million operations, median runtime, ninety-fifth and ninety-ninth percentile latencies, throughput, and peak resident memory. Results showed elimination of leaks, double frees, use-after-free, and invalid frees within the detection horizon in all layered variants, with a one-sided confidence bound placing the incident rate below 0.11 per ten million operations. Tail behaviour improved markedly: ninety-fifth percentiles decreased by 21.8-24.9% and ninety-ninth percentiles by 22.8-27.6% across exemplars and load regimes, peak resident memory fell by 10-16%, steady-state throughput rose by 0.6-4.1%, and median runtime overhead remained near 1-2%. Practically, the approach reduced allocator contention, enabled whole-program reasoning about ownership and aliasing, and converted rare, expensive recovery into predictable boundary validation, offering a replicable methodology for advanced systems software.
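As an added illustration (not code from the paper, which provides no listing on this page), the following Rust sketch models the three tiers on the abstract's parser exemplar: an ephemeral arena for AST nodes, a single `promote` transfer point that performs structural and aliasing validation, and a persistent store whose releases are audited. Every name (`Arena`, `Verified`, `promote`, `Persistent`, the `TransferError` and `Audit` variants) and every sample tree is an assumption made for illustration; the paper's actual checks and instrumentation are not described here.

```rust
use std::collections::HashMap;

/// Tier 1 (ephemeral): AST nodes are appended to an arena and referenced by
/// index. The arena lives for one parse phase and is consumed whole at the
/// transfer point, so no node is ever freed early, twice, or individually.
#[derive(Debug, Clone, PartialEq)]
pub struct Node { pub label: String, pub children: Vec<usize> }

#[derive(Default)]
pub struct Arena { pub nodes: Vec<Node> }

impl Arena {
    pub fn push(&mut self, label: &str, children: Vec<usize>) -> usize {
        self.nodes.push(Node { label: label.to_string(), children });
        self.nodes.len() - 1
    }
}

/// Tier 2 (verifiable): a tree that passed structural and aliasing checks.
/// `promote` is the only constructor, so holding a `Verified` is evidence
/// that the checks ran when the value crossed the tier boundary.
#[derive(Debug)]
pub struct Verified { nodes: Vec<Node>, root: usize }

impl Verified {
    pub fn len(&self) -> usize { self.nodes.len() }
    pub fn root_label(&self) -> &str { &self.nodes[self.root].label }
}

#[derive(Debug, PartialEq)]
pub enum TransferError {
    DanglingChild(usize), // child index outside the arena (a wild pointer)
    Aliased(usize),       // node reached twice: shared child or cycle
    Orphan(usize),        // allocated but unreachable from the root (a leak)
}

/// Transfer point: consume the arena and return either a verified tree or the
/// exact defect. On failure nothing is promoted and the arena is dropped.
pub fn promote(arena: Arena, root: usize) -> Result<Verified, TransferError> {
    let n = arena.nodes.len();
    if root >= n { return Err(TransferError::DanglingChild(root)); }
    let mut seen = vec![false; n];
    let mut stack = vec![root];
    seen[root] = true;
    while let Some(i) = stack.pop() {
        for &c in &arena.nodes[i].children {
            if c >= n { return Err(TransferError::DanglingChild(c)); }
            if seen[c] { return Err(TransferError::Aliased(c)); }
            seen[c] = true;
            stack.push(c);
        }
    }
    if let Some(i) = seen.iter().position(|s| !s) { return Err(TransferError::Orphan(i)); }
    Ok(Verified { nodes: arena.nodes, root })
}

/// Tier 3 (persistent): long-lived trees behind opaque handles, every release
/// recorded. Releasing an unknown or already-released handle is logged and
/// refused, which makes a double or invalid free observable instead of silent.
#[derive(Debug, Clone, PartialEq)]
pub enum Audit { Stored(u64), Released(u64), InvalidRelease(u64) }

#[derive(Default)]
pub struct Persistent { next: u64, live: HashMap<u64, Verified>, pub log: Vec<Audit> }

impl Persistent {
    pub fn store(&mut self, tree: Verified) -> u64 {
        self.next += 1;
        self.live.insert(self.next, tree);
        self.log.push(Audit::Stored(self.next));
        self.next
    }
    pub fn release(&mut self, handle: u64) -> bool {
        match self.live.remove(&handle) {
            Some(_) => { self.log.push(Audit::Released(handle)); true }
            None => { self.log.push(Audit::InvalidRelease(handle)); false }
        }
    }
}

/// Build an arena from a constructed (label, children) list and promote it.
pub fn build(spec: &[(&str, Vec<usize>)], root: usize) -> Result<Verified, TransferError> {
    let mut arena = Arena::default();
    for (label, children) in spec { arena.push(label, children.clone()); }
    promote(arena, root)
}

// Constructed inputs, not from the paper: one well-formed `1 + 2` tree and one
// arena per defect the transfer point is meant to catch.
pub fn well_formed() -> Result<Verified, TransferError> { build(&[("1", vec![]), ("2", vec![]), ("+", vec![0, 1])], 2) }
pub fn aliased() -> Result<Verified, TransferError> { build(&[("x", vec![]), ("+", vec![0, 0])], 1) } // leaf on two edges
pub fn dangling() -> Result<Verified, TransferError> { build(&[("1", vec![]), ("+", vec![0, 7])], 1) } // 7 never allocated
pub fn orphan() -> Result<Verified, TransferError> { build(&[("1", vec![]), ("2", vec![]), ("-", vec![0])], 2) } // node 1 never attached

/// Store a verified tree, release it, then release it again; returns both
/// outcomes and the audit log so the double release is visible.
pub fn lifecycle() -> (bool, bool, Vec<Audit>) {
    let mut store = Persistent::default();
    let handle = store.store(well_formed().expect("well-formed tree promotes"));
    let first = store.release(handle);
    let second = store.release(handle);
    (first, second, store.log)
}

fn main() {
    let tree = well_formed().unwrap();
    println!("promoted {} nodes, root {}", tree.len(), tree.root_label());
    println!("aliased: {:?}  dangling: {:?}  orphan: {:?}", aliased().err(), dangling().err(), orphan().err());
    println!("lifecycle: {:?}", lifecycle());
}
```

Two design points carry over to any realisation of the tiers. First, the aliasing check at the transfer point is a reachability walk that rejects both shared subtrees and cycles with one rule (a node may be reached at most once), and an unreached node is reported as a leak rather than silently dropped, so the ephemeral tier is verified to be fully accounted for before anything is promoted. Second, the persistent tier's audit log is where a would-be double or invalid free becomes a recorded event; the incident counts the abstract reports presuppose instrumentation of this kind, although the paper's own counters and release discipline are not shown on this page.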