Camouflage: Hardware-assisted CFI for the ARM linux kernel

Remi Denis-Courmont, Hans Liljestrand, Carlos Chinea, Jan Erik Ekberg

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

1 Citation (Scopus)

Abstract

Software control-flow integrity (CFI) solutions have been applied to the Linux kernel for memory protection. Due to performance costs, deployed software CFI solutions are coarse grained. In this work, we demonstrate a precise hardware-assisted kernel CFI running on widely-used off-the-shelf processors. Specifically, we use the ARMv8.3 pointer authentication (PAuth) extension and present a design that uses it to achieve strong security guarantees with minimal performance penalties. Furthermore, we show how deployment of such security primitives in the kernel can significantly differ from their user space application.

Original languageEnglish
Title of host publication2020 57th ACM/IEEE Design Automation Conference, DAC 2020
PublisherIEEE
ISBN (Electronic)9781450367257
DOIs
Publication statusPublished - Jul 2020
MoE publication typeA4 Article in a conference publication
EventAnnual Design Automation Conference - Virtual, San Francisco, United States
Duration: 20 Jul 202024 Jul 2020
Conference number: 57

Publication series

NameProceedings - Design Automation Conference
PublisherIEEE
Volume2020-July
ISSN (Print)0738-100X

Conference

ConferenceAnnual Design Automation Conference
Abbreviated titleDAC
Country/TerritoryUnited States
CitySan Francisco
Period20/07/202024/07/2020

Fingerprint

Dive into the research topics of 'Camouflage: Hardware-assisted CFI for the ARM linux kernel'. Together they form a unique fingerprint.

Cite this