Late breaking results: Authenticated call stack

Hans Liljestrand; Thomas Nyman; Jan Erik Ekberg; N. Asokan

doi:10.1145/3316781.3322469

Late breaking results: Authenticated call stack

Hans Liljestrand, Thomas Nyman, Jan Erik Ekberg, N. Asokan

Huawei Technologies

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

3 Citations (Scopus)

209 Downloads (Pure)

Abstract

Shadow stacks are the go-to solution for perfect backward-edge control-flow integrity (CFI). Software shadow stacks trade off security for performance. Hardware-assisted shadow stacks are efficient and secure, but expensive to deploy. We present authenticated call stack (ACS), a novel mechanism for precise verification of return addresses using aggregated message authentication codes. We show how ACS can be realized using ARMv8.3-A pointer authentication, a new low-overhead mechanism for protecting pointer integrity. Our solution achieves security comparable to hardware-assisted shadow stacks, while incurring negligible performance overhead (< 0.5%) but requiring no additional hardware support.

Original language	English
Title of host publication	Proceedings of the 56th Annual Design Automation Conference 2019, DAC 2019
Publisher	ACM
Number of pages	2
ISBN (Electronic)	978-1-4503-6725-7
ISBN (Print)	978-1-7281-2426-1
DOIs	https://doi.org/10.1145/3316781.3322469
Publication status	Published - 2 Jun 2019
MoE publication type	A4 Article in a conference publication
Event	Annual Design Automation Conference - Las Vegas, United States Duration: 2 Jun 2019 → 6 Jun 2019 Conference number: 56

Publication series

Name	Proceedings - Design Automation Conference
ISSN (Print)	0738-100X

Conference

Conference	Annual Design Automation Conference
Abbreviated title	DAC
Country/Territory	United States
City	Las Vegas
Period	02/06/2019 → 06/06/2019

Access to Document

10.1145/3316781.3322469

authenticatedcallstack_authorversion
This is the author’s version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in The 56th Annual Design Automation Conference 2019 (DAC ’19), June 2–6, 2019, Las Vegas, NV, USA, https://doi.org/10.1145/3316781.3322469
Accepted author manuscript, 589 KB

OpenUrl availability

Full text

Cite this

@inproceedings{ecac517f4f264421be1cbc99d3f8d1ba,

title = "Late breaking results: Authenticated call stack",

abstract = "Shadow stacks are the go-to solution for perfect backward-edge control-flow integrity (CFI). Software shadow stacks trade off security for performance. Hardware-assisted shadow stacks are efficient and secure, but expensive to deploy. We present authenticated call stack (ACS), a novel mechanism for precise verification of return addresses using aggregated message authentication codes. We show how ACS can be realized using ARMv8.3-A pointer authentication, a new low-overhead mechanism for protecting pointer integrity. Our solution achieves security comparable to hardware-assisted shadow stacks, while incurring negligible performance overhead (< 0.5%) but requiring no additional hardware support.",

author = "Hans Liljestrand and Thomas Nyman and Ekberg, {Jan Erik} and N. Asokan",

year = "2019",

month = jun,

day = "2",

doi = "10.1145/3316781.3322469",

language = "English",

isbn = "978-1-7281-2426-1",

series = "Proceedings - Design Automation Conference",

publisher = "ACM",

booktitle = "Proceedings of the 56th Annual Design Automation Conference 2019, DAC 2019",

address = "United States",

note = "Annual Design Automation Conference, DAC ; Conference date: 02-06-2019 Through 06-06-2019",

}

TY - GEN

T1 - Late breaking results: Authenticated call stack

AU - Liljestrand, Hans

AU - Nyman, Thomas

AU - Ekberg, Jan Erik

AU - Asokan, N.

N1 - Conference code: 56

PY - 2019/6/2

Y1 - 2019/6/2

N2 - Shadow stacks are the go-to solution for perfect backward-edge control-flow integrity (CFI). Software shadow stacks trade off security for performance. Hardware-assisted shadow stacks are efficient and secure, but expensive to deploy. We present authenticated call stack (ACS), a novel mechanism for precise verification of return addresses using aggregated message authentication codes. We show how ACS can be realized using ARMv8.3-A pointer authentication, a new low-overhead mechanism for protecting pointer integrity. Our solution achieves security comparable to hardware-assisted shadow stacks, while incurring negligible performance overhead (< 0.5%) but requiring no additional hardware support.

AB - Shadow stacks are the go-to solution for perfect backward-edge control-flow integrity (CFI). Software shadow stacks trade off security for performance. Hardware-assisted shadow stacks are efficient and secure, but expensive to deploy. We present authenticated call stack (ACS), a novel mechanism for precise verification of return addresses using aggregated message authentication codes. We show how ACS can be realized using ARMv8.3-A pointer authentication, a new low-overhead mechanism for protecting pointer integrity. Our solution achieves security comparable to hardware-assisted shadow stacks, while incurring negligible performance overhead (< 0.5%) but requiring no additional hardware support.

UR - http://www.scopus.com/inward/record.url?scp=85067825369&partnerID=8YFLogxK

U2 - 10.1145/3316781.3322469

DO - 10.1145/3316781.3322469

M3 - Conference contribution

AN - SCOPUS:85067825369

SN - 978-1-7281-2426-1

T3 - Proceedings - Design Automation Conference

BT - Proceedings of the 56th Annual Design Automation Conference 2019, DAC 2019

PB - ACM

T2 - Annual Design Automation Conference

Y2 - 2 June 2019 through 6 June 2019

ER -

Late breaking results: Authenticated call stack

Abstract

Publication series

Conference

Access to Document

OpenUrl availability

Other files and links

Fingerprint

Cite this