Camouflage: Hardware-assisted CFI for the ARM Linux kernel
Rémi Denis-Courmont, Hans Liljestrand, Carlos Chinea, Jan-Erik Ekberg

TL;DR
This paper introduces a hardware-assisted control flow integrity (CFI) solution for the ARM Linux kernel using ARMv8.3 pointer authentication (PAuth), achieving precise kernel CFI with minimal performance impact.
Contribution
It presents a novel design leveraging ARMv8.3 PAuth for kernel CFI, demonstrating strong security guarantees on off-the-shelf processors.
Findings
Achieves precise kernel CFI with minimal performance overhead
Utilizes ARMv8.3 PAuth extension for security
Shows deployment differences between kernel and user space
Abstract
Software control flow integrity (CFI) solutions have been applied to the Linux kernel for memory protection. Due to performance costs, deployed software CFI solutions are coarse grained. In this work, we demonstrate a precise hardware-assisted kernel CFI running on widely-used off-the-shelf processors. Specifically, we use the ARMv8.3 pointer authentication (PAuth) extension and present a design that uses it to achieve strong security guarantees with minimal performance penalties. Furthermore, we show how deployment of such security primitives in the kernel can significantly differ from their user space application.
