One of the many responsibilities of the operating system is to help
processes keep secrets from each other. Operating systems often fail in
this regard, sometimes due to factors — such as hardware bugs and user-space
vulnerabilities — that are beyond their direct control. It is thus
unsurprising that there is an increasing level of interest in ways to
improve the ability to keep data secret, perhaps even from the operating
system itself. The MAP_EXCLUSIVE
patch set from Mike Rapoport is one example of the work that is being done
in this area; it also shows that the development community has not yet
really begun to figure out how this type of feature should work.

Source: LWN.net – [$] Keeping memory contents secret