CR · Dec 9, 2019

Camouflage: Hardware-assisted CFI for the ARM Linux kernel

arXiv:1912.04145v1 · 24 citations
Originality: Incremental advance
AI Analysis

The paper provides enhanced memory protection for ARM Linux kernel users by leveraging hardware extensions, though it is incremental as it builds on existing ARM features.

The paper tackled the performance limitations of software control flow integrity (CFI) in the Linux kernel by implementing a precise hardware-assisted CFI using ARMv8.3 pointer authentication, achieving strong security with minimal performance penalties.

Software control flow integrity (CFI) solutions have been applied to the Linux kernel for memory protection. Due to performance costs, deployed software CFI solutions are coarse-grained. In this work, we demonstrate a precise hardware-assisted kernel CFI running on widely-used off-the-shelf processors. Specifically, we use the ARMv8.3 pointer authentication (PAuth) extension and present a design that uses it to achieve strong security guarantees with minimal performance penalties. Furthermore, we show how deployment of such security primitives in the kernel can significantly differ from their user space application.
