Late breaking results: Authenticated call stack

Hans Liljestrand, Thomas Nyman, Jan Erik Ekberg, N. Asokan

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

3 Citations (Scopus)
209 Downloads (Pure)


Shadow stacks are the go-to solution for perfect backward-edge control-flow integrity (CFI). Software shadow stacks trade off security for performance. Hardware-assisted shadow stacks are efficient and secure, but expensive to deploy. We present authenticated call stack (ACS), a novel mechanism for precise verification of return addresses using aggregated message authentication codes. We show how ACS can be realized using ARMv8.3-A pointer authentication, a new low-overhead mechanism for protecting pointer integrity. Our solution achieves security comparable to hardware-assisted shadow stacks, while incurring negligible performance overhead (< 0.5%) but requiring no additional hardware support.

Original languageEnglish
Title of host publicationProceedings of the 56th Annual Design Automation Conference 2019, DAC 2019
Number of pages2
ISBN (Electronic)978-1-4503-6725-7
ISBN (Print)978-1-7281-2426-1
Publication statusPublished - 2 Jun 2019
MoE publication typeA4 Article in a conference publication
EventAnnual Design Automation Conference - Las Vegas, United States
Duration: 2 Jun 20196 Jun 2019
Conference number: 56

Publication series

NameProceedings - Design Automation Conference
ISSN (Print)0738-100X


ConferenceAnnual Design Automation Conference
Abbreviated titleDAC
Country/TerritoryUnited States
CityLas Vegas


Dive into the research topics of 'Late breaking results: Authenticated call stack'. Together they form a unique fingerprint.

Cite this