First-time asker/commenter, long-time reader.
As someone who's currently doing a lot of thinking & writing about measures that might foundationally improve computer security (i.e., involving not just the kind of evolutionary, fairly modest steps that most tech makers are focusing on right now, but pursuing "big leap" changes that might break backwards compatibility but would make systems much more secure), I am very taken by the idea of using robust general process isolation to try to prevent user-mode programs--or, anyway, what we today call "user-mode" programs--from being able to do nasty things like trying to read/steal data being used by other user-mode programs or hitting the OS with privilege escalation attacks.
Now, there are certainly companies/organizations out there who have tried or are trying to implement robust privilege isolation schemes in software. For example, Microsoft's developmental Singularity OS put almost everything into "sealed isolated processes" that could only communicate with each other and the OS through restrictive message-passing "contracts". (There are certainly others, including some that are in use with governments for military/intelligence high-security scenarios, I understand.) However, I suppose I'm a person who's reluctant to put tremendous trust in security defenses that aren't rooted, at the end of the day, in some sort of direct hardware enforcement. Which brings me to my two (closely related) questions:
First, are there any non-government, commercially produced microprocessors out there today--that are intended for multi-purpose computing; no smart card chips or something--that use instruction sets/architectures specifically designed to enforce strong process isolation/separation? (Such that not even an attack exploiting a deeply occurring flaw in the kernel of the OS running on the device would be sufficient to allow malicious code in a process to break out of isolation.)
Second, what sort of changes would you need to make to the x86-64 instruction set & corresponding chip architecture to make it capable of providing hardware-enforced support to strong OS isolation/separation of individual processes?
(FYI, I do know that Intel has added some proprietary security capabilities to some of their chips over the last 5-10 years, with Skylake with SGX this year supposed to bring some capabilities to isolate a given program that has high-security needs from the rest of the system. But much larger, further steps would be needed to pursue hardware-enforced isolation of, say, at minimum, all processes that today run in user mode. Or am I wrong about that?)