Camouflage: Hardware-assisted CFI for the ARM linux kernel

Remi Denis-Courmont, Hans Liljestrand, Carlos Chinea, Jan Erik Ekberg

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

8 Citations (Scopus)


Software control-flow integrity (CFI) solutions have been applied to the Linux kernel for memory protection. Due to performance costs, deployed software CFI solutions are coarse grained. In this work, we demonstrate a precise hardware-assisted kernel CFI running on widely-used off-the-shelf processors. Specifically, we use the ARMv8.3 pointer authentication (PAuth) extension and present a design that uses it to achieve strong security guarantees with minimal performance penalties. Furthermore, we show how deployment of such security primitives in the kernel can significantly differ from their user space application.

Original languageEnglish
Title of host publication2020 57th ACM/IEEE Design Automation Conference, DAC 2020
ISBN (Electronic)9781450367257
Publication statusPublished - Jul 2020
MoE publication typeA4 Article in a conference publication
EventAnnual Design Automation Conference - Virtual, San Francisco, United States
Duration: 20 Jul 202024 Jul 2020
Conference number: 57

Publication series

NameProceedings - Design Automation Conference
ISSN (Print)0738-100X


ConferenceAnnual Design Automation Conference
Abbreviated titleDAC
Country/TerritoryUnited States
CitySan Francisco


Dive into the research topics of 'Camouflage: Hardware-assisted CFI for the ARM linux kernel'. Together they form a unique fingerprint.

Cite this