Late breaking results: Authenticated call stack

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

Researchers

Research units

  • Huawei Technologies Oy

Abstract

Shadow stacks are the go-to solution for perfect backward-edge control-flow integrity (CFI). Software shadow stacks trade off security for performance. Hardware-assisted shadow stacks are efficient and secure, but expensive to deploy. We present authenticated call stack (ACS), a novel mechanism for precise verification of return addresses using aggregated message authentication codes. We show how ACS can be realized using ARMv8.3-A pointer authentication, a new low-overhead mechanism for protecting pointer integrity. Our solution achieves security comparable to hardware-assisted shadow stacks, while incurring negligible performance overhead (< 0.5%) but requiring no additional hardware support.

Details

Original languageEnglish
Title of host publicationProceedings of the 56th Annual Design Automation Conference 2019, DAC 2019
Publication statusPublished - 2 Jun 2019
MoE publication typeA4 Article in a conference publication
EventAnnual Design Automation Conference - Las Vegas, United States
Duration: 2 Jun 20196 Jun 2019
Conference number: 56

Publication series

NameProceedings - Design Automation Conference
ISSN (Print)0738-100X

Conference

ConferenceAnnual Design Automation Conference
Abbreviated titleDAC
CountryUnited States
CityLas Vegas
Period02/06/201906/06/2019

ID: 36960618