Camouflage: Hardware-assisted CFI for the ARM Linux kernel

12/09/2019
by   Rémi Denis-Courmont, et al.
0

Software control flow integrity (CFI) solutions have been applied to the Linux kernel for memory protection. Due to performance costs, deployed software CFI solutions are coarse grained. In this work, we demonstrate a precise hardware-assisted kernel CFI running on widely-used off-the-shelf processors. Specifically, we use the ARMv8.3 pointer authentication (PAuth) extension and present a design that uses it to achieve strong security guarantees with minimal performance penalties. Furthermore, we show how deployment of such security primitives in the kernel can significantly differ from their user space application.

READ FULL TEXT

Please sign up or login with your details

Forgot password? Click here to reset