Camouflage: Hardware-assisted CFI for the ARM linux kernel

Remi Denis-Courmont; Hans Liljestrand; Carlos Chinea; Jan Erik Ekberg

doi:10.1109/DAC18072.2020.9218535

Camouflage: Hardware-assisted CFI for the ARM linux kernel

Remi Denis-Courmont, Hans Liljestrand, Carlos Chinea, Jan Erik Ekberg

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussa › Conference article in proceedings › Scientific › vertaisarvioitu

17 Sitaatiot (Scopus)

Abstrakti

Software control-flow integrity (CFI) solutions have been applied to the Linux kernel for memory protection. Due to performance costs, deployed software CFI solutions are coarse grained. In this work, we demonstrate a precise hardware-assisted kernel CFI running on widely-used off-the-shelf processors. Specifically, we use the ARMv8.3 pointer authentication (PAuth) extension and present a design that uses it to achieve strong security guarantees with minimal performance penalties. Furthermore, we show how deployment of such security primitives in the kernel can significantly differ from their user space application.

Alkuperäiskieli	Englanti
Otsikko	2020 57th ACM/IEEE Design Automation Conference, DAC 2020
Kustantaja	IEEE
ISBN (elektroninen)	9781450367257
DOI - pysyväislinkit	https://doi.org/10.1109/DAC18072.2020.9218535
Tila	Julkaistu - heinäk. 2020
OKM-julkaisutyyppi	A4 Artikkeli konferenssijulkaisussa
Tapahtuma	Annual Design Automation Conference - Virtual, San Francisco, Yhdysvallat Kesto: 20 heinäk. 2020 → 24 heinäk. 2020 Konferenssinumero: 57

Julkaisusarja

Nimi	Proceedings - Design Automation Conference
Kustantaja	IEEE
Vuosikerta	2020-July
ISSN (painettu)	0738-100X

Conference

Conference	Annual Design Automation Conference
Lyhennettä	DAC
Maa/Alue	Yhdysvallat
Kaupunki	San Francisco
Ajanjakso	20/07/2020 → 24/07/2020

Pääsy asiakirjaan

10.1109/DAC18072.2020.9218535

https://arxiv.org/abs/1912.04145

Muut tiedostot ja linkit

Link to publication in Scopus

Siteeraa tätä

@inproceedings{8f3be9031f3b444d9c8fa39cd00c6499,

title = "Camouflage: Hardware-assisted CFI for the ARM linux kernel",

abstract = "Software control-flow integrity (CFI) solutions have been applied to the Linux kernel for memory protection. Due to performance costs, deployed software CFI solutions are coarse grained. In this work, we demonstrate a precise hardware-assisted kernel CFI running on widely-used off-the-shelf processors. Specifically, we use the ARMv8.3 pointer authentication (PAuth) extension and present a design that uses it to achieve strong security guarantees with minimal performance penalties. Furthermore, we show how deployment of such security primitives in the kernel can significantly differ from their user space application.",

author = "Remi Denis-Courmont and Hans Liljestrand and Carlos Chinea and Ekberg, {Jan Erik}",

year = "2020",

month = jul,

doi = "10.1109/DAC18072.2020.9218535",

language = "English",

series = "Proceedings - Design Automation Conference",

publisher = "IEEE",

booktitle = "2020 57th ACM/IEEE Design Automation Conference, DAC 2020",

address = "United States",

note = "Annual Design Automation Conference, DAC ; Conference date: 20-07-2020 Through 24-07-2020",

}

Denis-Courmont, R, Liljestrand, H, Chinea, C & Ekberg, JE 2020, Camouflage: Hardware-assisted CFI for the ARM linux kernel. julkaisussa 2020 57th ACM/IEEE Design Automation Conference, DAC 2020., 9218535, Proceedings - Design Automation Conference, Vuosikerta 2020-July, IEEE, Annual Design Automation Conference, San Francisco, California, Yhdysvallat, 20/07/2020. https://doi.org/10.1109/DAC18072.2020.9218535

Camouflage: Hardware-assisted CFI for the ARM linux kernel. / Denis-Courmont, Remi; Liljestrand, Hans; Chinea, Carlos et al.
2020 57th ACM/IEEE Design Automation Conference, DAC 2020. IEEE, 2020. 9218535 (Proceedings - Design Automation Conference; Vuosikerta 2020-July).

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussa › Conference article in proceedings › Scientific › vertaisarvioitu

TY - GEN

T1 - Camouflage

T2 - Annual Design Automation Conference

AU - Denis-Courmont, Remi

AU - Liljestrand, Hans

AU - Chinea, Carlos

AU - Ekberg, Jan Erik

N1 - Conference code: 57

PY - 2020/7

Y1 - 2020/7

N2 - Software control-flow integrity (CFI) solutions have been applied to the Linux kernel for memory protection. Due to performance costs, deployed software CFI solutions are coarse grained. In this work, we demonstrate a precise hardware-assisted kernel CFI running on widely-used off-the-shelf processors. Specifically, we use the ARMv8.3 pointer authentication (PAuth) extension and present a design that uses it to achieve strong security guarantees with minimal performance penalties. Furthermore, we show how deployment of such security primitives in the kernel can significantly differ from their user space application.

AB - Software control-flow integrity (CFI) solutions have been applied to the Linux kernel for memory protection. Due to performance costs, deployed software CFI solutions are coarse grained. In this work, we demonstrate a precise hardware-assisted kernel CFI running on widely-used off-the-shelf processors. Specifically, we use the ARMv8.3 pointer authentication (PAuth) extension and present a design that uses it to achieve strong security guarantees with minimal performance penalties. Furthermore, we show how deployment of such security primitives in the kernel can significantly differ from their user space application.

UR - http://www.scopus.com/inward/record.url?scp=85093937864&partnerID=8YFLogxK

U2 - 10.1109/DAC18072.2020.9218535

DO - 10.1109/DAC18072.2020.9218535

M3 - Conference article in proceedings

AN - SCOPUS:85093937864

T3 - Proceedings - Design Automation Conference

BT - 2020 57th ACM/IEEE Design Automation Conference, DAC 2020

PB - IEEE

Y2 - 20 July 2020 through 24 July 2020

ER -

Camouflage: Hardware-assisted CFI for the ARM linux kernel

Abstrakti

Julkaisusarja

Conference

Pääsy asiakirjaan

Muut tiedostot ja linkit

Sormenjälki

Siteeraa tätä