ARM Pointer Authentication based Forward-Edge and Backward-Edge Control
  Flow Integrity for Kernels by Yang, Yutian et al.
ARM Pointer Authentication based Forward-Edge and Backward-Edge
Control Flow Integrity for Kernels
Yutian Yang, Songbo Zhu, Wenbo Shen*, Yajin Zhou, Jiadong Sun, and Kui Ren
{ytyang, 3160103828, shenwenbo, yajin zhou, simonsun, kuiren}@zju.edu.cn
Zhejiang University
Abstract—Code reuse attacks are still big threats to software
and system security. Control flow integrity is a promising tech-
nique to defend against such attacks. However, its effectiveness
has been weakened due to the inaccurate control flow graph
and practical strategy to trade security for performance. In
recent years, CPU vendors have integrated hardware features
as countermeasures. For instance, ARM Pointer Authentication
(PA in short) was introduced in ARMV8-A architecture. It can
efficiently generate an authentication code for an address, which
is encoded in the unused bits of the address. When the address
is de-referenced, the authentication code is checked to ensure its
integrity. Though there exist systems that adopt PA to harden
user programs, how to effectively use PA to protect OS kernels
is still an open research question.
In this paper, we shed lights on how to leverage PA to protect
control flows, including function pointers and return addresses, of
Linux kernel. Specifically, to protect function pointers, we embed
authentication code into them, track their propagation and verify
their values when loading from memory or branching to targets.
To further defend against the pointer substitution attack, we use
the function pointer address as its context, and take a clean design
to propagate the address by piggybacking it into the pointer value.
We have implemented a prototype system with LLVM to identify
function pointers, add authentication code and verify function
pointers by emitting new machine instructions. We applied this
system to Linux kernel, and solved numerous practical issues,
e.g., function pointer comparison and arithmetic operations. The
security analysis shows that our system can protect all function
pointers and return addresses in Linux kernel.
I. INTRODUCTION
Since the first emerging in the 1990s [1], code reuse attack
has become a big threat to software and system security,
especially after code injection has been defeated by hardware
features, including NX/SMEP/SMAP on x86 and XN/PXN/-
PAN on ARM. Specifically, after hijacking the control flow
through memory corruption, attackers could chain existing
code snippets (called code gadgets) together to perform ma-
licious operations. This is called return-oriented programming
(ROP in short) [2, 3]. Previous studies showed that given a
large codebase (such as Linux kernel or libc), ROP has been
shown to be Turing complete [4], making it a powerful attack.
To defend against the ROP attack, multiple solutions have
been proposed, which are roughly falling into two categories.
The first category includes systems to make attackers hard to
*Corresponding author.
obtain necessary information to launch the attack, either by
randomizing memory layout [5, 6, 7, 8], or reducing the num-
ber of available gadgets [9]. However, address randomization
has been proven to be ineffective [10, 11], since the address
information could be leaked or inferred. Moreover, the large
codebase makes it impossible to totally eliminate code gadgets.
The second category includes systems to protect the integrity
of control flow (CFI in short) [12, 13, 14]. Though CFI is a
promising technique, its effectiveness has been weakened [15]
due to the inaccurate control flow graph and the practical
strategy to trade security for performance.
In recent years, hardware-assisted control flow enforce-
ment [16, 17] has drawn much attention. These systems
mainly borrow hardware features that were designed for other
purposes. Nowadays, vendors have directly embedded secu-
rity features for CFI in modern CPUs. For instance, ARM
introduced Pointer Authentication (PA) in ARMv8.3 [18].
Specifically, it reuses unused bits in the virtual address of the
ARM64 architecture to calculates and embed an authentication
code for the pointer, thus the name Pointer Authentication
Code (PAC). When the pointer is de-referenced, the embedded
authentication code could be used to verify its validity by the
hardware. To facilitate its use, multiple instructions are added.
Since its debut, PA has been considered as a promising
defense due to its powerful security guarantees and efficient
pointer value verification [19]. However, to leverage this
feature, programmers need to change and recompile their
programs to use the new instructions. Though a couple of
papers are adopting PA to protect code and data pointers in user
programs [20, 21, 22], there is no open implementations that
leverage PA to protect privileged software, i.e., OS kernel 1.
Due to the differences between OS and user programs (for
instance, while user programs could assume that the underlying
kernel is trusted to provide cryptography keys to generate
the authentication code, OS kernels cannot make such an
assumption), how to effectively use PA to protect OS kernel
is still an open research question.
Our work In this paper, we shed lights on how to leverage
PA to protect control flows of OS kernels, and present the first
design and implementation of such a system. Specifically, we
propose PACKER, which is short for Pointer AuthentiCation
for KERnels, protects both function pointers and return ad-
1We are aware that Apple has adopted PA in its latest version of iOS XNU
kernel. However, its implementation details are unknown.
ar
X
iv
:1
91
2.
10
66
6v
1 
 [c
s.C
R]
  2
3 D
ec
 20
19
dresses in Linux kernel, thus providing both forward- and
backward-edge control flow integrity. To the best of our
knowledge, it is the first open implementation of applying PA
to Linux kernel.
In order to leverage PA to provide complete protection of
function pointers, PACKER needs to append the authentication
code to the value of a function pointer 2, track the propagation
of function pointers, and verify its validity when loading
its value from memory or branching to the jump target.
Specifically, PACKER calculates an authentication code (PAC)
for each function pointer (we call the function pointer with an
authentication code as a PACed pointer) before it is written
into memory. The PAC is computed using the combination
of a hardware cryptography key, the function pointer value,
and a context. Then PACKER tracks the propagation of the
function pointer with the help of the LLVM compiler. When a
PACed pointer is loaded from the memory, PACKER verifies
the value to ensure that it has not been modified (attackers have
arbitrary memory write capability). However, the previous step
is not enough since an attacker could directly jump before
the instruction that dereferences a function pointer (the blr
instruction for instance). In this case, PACKER verifies the
jump target in indirect branch instructions before jumping to
it.
When calculating the authentication code, unlike the pre-
vious work that leverages the function type as a context [20],
PACKER takes the address of a function pointer as its context.
That’s because for each function pointer, the function type is
not unique. Attackers could obtain the PACed function pointer
and reuse it for another function pointer. This is called pointer
substitution attack. By using the unique address of a function
pointer as its context, PACKER is immune to this attack.
However, the challenge is the location of de-referencing a
function pointer may be far from the location where it is
loaded, thus we need to propagate the address of a function
pointer between procedures. PACKER takes a clean design to
piggyback the pointer address into the pointer value (Figure 4)
to solve this problem.
To protect return addresses, PACKER will generate the
PAC for a return address before saving it to the stack and check
the PAC after loading it from the stack. The stack pointer is
used as the context, so that the signed return addresses cannot
be replayed across different stack frames. As a result, the
return address corruption and return address replay attacks will
be defeated by PACKER. Moreover, different from existing
works, PACKER uses a single instruction to authenticate the
loading return address and return it atomically, which defeats
the time of check to time of use attacks.
We have implemented a prototype system with LLVM and
applied it to Linux kernel v5.0.1. Specifically, we developed
LLVM passes to identify function pointers, add authentication
code, propagate and verify function pointers by emitting new
machine instructions into the binary. To apply PACKER to
Linux kernel, we also modified the kernel to patch the statically
initialized function pointers, and solved multiple practical
issues, including function pointer comparison, function pointer
arithmetic operations and function pointers inside a union.
2In this paper, if not specified, we use “function pointer” to denote its value,
i.e., the jump target.
63 48 (VA_BIT)
MT/PAC PAC
LO/HI
55 54
Fig. 1: ARMv8.3 Pointer Format with Pointer Authentication.
The Pointer Authentication Code (PAC) is embedded into the
unused bits of a pointer.
The security analysis shows that PACKER can protect all the
function pointers and return addresses in Linux kernel, with a
performance overhead between 15% to 25%, using the micro
benchmark of system calls.
This paper has the following contributions:
• We propose the first design of using the ARM pointer
authentication to protect control flow transfers of
Linux kernels. Our design protects all function point-
ers and return addresses in Linux kernel, thus pro-
viding both forward-edge and backward-edge control
flow integrity.
• To implement PACKER, we have proposed a series
of new techniques to solve technical challenges. In
particular, we proposed address-base authentication
code generation to defend against pointer substitution
attacks, and pointer address piggyback to propagate
function pointer address. We also proposed methods
to identify function pointers, and verify them when
loading, storing their values, and branching into tar-
gets.
• We have implemented a prototype of PACKER based
on the latest Clang/LLVM and applied it to protect the
latest version of the Linux kernel. PACKER success-
fully protects 100% of indirect call sites and return
addresses.
The organization of this paper is as follows: background
knowledge is given in §II. §III discusses the threat model and
assumptions. PACKER design is presented in detail in IV. We
discuss the implementation details in §V and evaluate both the
security and performance of PACKER in §VI. We compare
PACKER with related works in §VII. Finally, we conclude the
whole paper in §VIII.
II. BACKGROUND
In this section, we give preliminary background knowledge
of the techniques used by this paper, including pointer authen-
tication and ROP/JOP attacks.
A. ARMv8.3 Pointer Authentication
ARM has introduced a new hardware security feature in
ARMv8.3, named Pointer Authentication (PA) [23], to protect
integrity of pointers saved in memory. The basic idea of PA
is to compute a cryptographic keyed hash, trunk the hash and
embed it into the unused bits in the pointer. The functionality
of the cryptographic keyed hash is the same to message
authentication code (MAC), therefore it is termed as Pointer
Authentication Code (PAC).
Figure 1 depicts the format of a PACed pointer on ARM64.
VA_BIT represents the size of the virtual address space, which
2
is usually 39 or 48 bits. The other bits of a pointer are not
used for address translation, therefore can be used to hold the
PAC. Note that the top 8 bits are occupied by memory tag if the
ARM memory tag extension (MTE) [24] is enabled. Therefore,
depending on the configuration, the PAC size can be 7 or 15
bits. ARMv8.3 PA uses QARMA block cipher algorithm [25]
for PAC generation:
PAC = QARMA(key, pointer, context).
QARMA takes a 64-bit pointer with a 64-bit context
as inputs and outputs a 64-bit cipher block. QARMA uses
128-bit key, which is kept in dedicated registers. ARMv8.3
PA provides five key registers, out of which, APIAKey and
APIBKey are designed for encrypting code pointers; APDAKey
and APDBKey are designed for encrypting data pointers; and
APGAKey can be used for general purpose. The output cipher
is then truncated to a suitable size and embedded into the PAC
field showed in Figure1.
ARMv8.3 also provides a new set of instructions for PA
support. pac* instruction are designed for generating and
embedding the PAC. For example, pacia x0, x1 accepts x0
as the pointer and x1 as the context, generates the PAC using
APIAKey, and embeds the PAC into x0. Correspondingly,
aut* instructions are designed for PAC authentication. For
example, autia x0, x1 will verify the PAC embedded in
x0 by using APIAKey and x1 as the context, if x0 has a valid
PAC, x0 will be changed into a normal pointer, otherwise its
top bits will be flipped and an address translation error will be
triggered upon de-referencing the pointer.
Some instructions are designed for specific usages, such
as paciasp generates the PAC using x30 as the pointer and
stack pointer sp as the context by default. Similarly, autiasp
authenticates the PAC using x30 as the pointer and stack
pointer sp as the context.
Besides the basic PAC generation and authentication in-
structions, ARMv8.3 PA also provides PA combined instruc-
tions. For example, function pointer branch (call) operation
is usually done by blr instruction, which branches to the
function pointer and updates the link register with the correct
return address. PA now provides blraa, which authenticates
the function pointer first before branching to function pointer.
Similarly, for the function return, PA provides retaa, which
authenticates the return address before returning to it.
Guarded by pointer authentication, even though the at-
tacker can corrupt function pointers with memory corruption
vulnerabilities, the corrupted function pointer cannot pass the
authentication without the knowledge of the key. Therefore,
ARMv8.3 PA can be a cornerstone for designing new control
flow protection schemes. However, due to the limited number
of key registers, PA is vulnerable to pointer substitution attacks
if the context is not selected properly. Existing works [20]
propose to use function types as the context, which still allows
the same type function pointer substitution attacks.
B. ROP and JOP Attacks
Software memory corruption bugs have existed for more
than 30 years [26], during which lots of attacks and defenses
mechanisms have been proposed. In early years, attackers
would inject assembly codes (called shellcode) into the ap-
plication memory and then jump to the injected instruc-
tions. However, since Data Execution Prevention (DEP) has
been proposed, the W⊕X has been supported by almost all
mainstream architectures, and injection code in the writable
memory area became impossible.
With code injection being defeated, attackers cannot inject
new code, begin to reuse existing code to construct new
attack functions. This kind of attack is termed as code reuse
attacks. To launch a code reuse attack, the attacker first hijacks
the program’s control flow to execute deliberately selected
assembly instruction snippets, called gadgets. Gadgets can be
chained together to construct new functions for malicious ends.
Depending on the control data that the attacker hijacks,
code reuse attacks can be divided into two categories: return-
oriented programming (ROP) and jump-oriented programming
(JOP). In return-oriented programming (ROP) attacks, the
attacker controls the call stack through vulnerabilities, such
as buffer overflows, then by injecting the gadgets’ addresses
as the return addresses, the control flow of the program is
redirected to the gadgets. In ROP, each gadget ends with a
return instruction ret, and that is why it is called return-
oriented programming. To defend against ROP attacks, secu-
rity researchers proposed address space layout randomization
(ASLR), which randomizes the address of code, stack, and
heap, making it hard to predict the code gadgets’ addresses and
the buffer overflowed address. However, ASLR is vulnerable
to address leaks [27]. Its design cannot solve the return address
corruption problem fundamentally.
JOP attack, on the other hand, overwrites the function
pointers. When the program calls the corrupted function
pointer via instructions like blr or br, the programs control
flow is hijacked by attackers. Gadgets in JOP end with a
jump instruction, such as blr or br on ARM and jmp on
x86, hence gains the name of jump-oriented programming. To
defend against the JOP attack, researchers proposed control-
flow integrity. The main idea is to check the function pointers
jumping targets according to the Control Flow Graph (CFG)
or function pointer type so that only the targets are in the CFG
or jump targets are the same type with the function pointer,
then the jump is allowed.
III. THREAT MODEL AND ASSUMPTIONS
A. Threat Model
The attacker in our paper is powerful with arbitrary kernel
memory read and write capability. However, the attacker
cannot change existing kernel code or inject new code to
the kernel. This is reasonable as W⊕X is supported by all
mainstream CPU architectures. Moreover, new isolation based
designs [28, 29] use trust execution environments, such as
TrustZone [30], to protect the kernel code against different
kinds of kernel vulnerabilities.
Even though the attacker gains arbitrary kernel memory
read and write capability via kernel vulnerabilities [31], he/she
still cannot read or write the registers directly, such as the PA
key registers. However, the attacker is able to read and write
the register contents that are saved to the kernel memory.
3
RUNTIMECOMPILE TIME 
FP PAC Instruction Insertion
RA PAC Instruction Insertion
LLVM Backend
Pointer Information Collection
Store/Load/Branch Instrument
LLVM IR
KERNEL SOURCE
Clang
LLVM MachineCode
Linking
VMLINUX
PRNG Setup
Pointer Authentication Init
In-Mem FP Patching
Boot Complete
start_kernel()
rest_init()
PACKER Runtime Protection
KERNEL INTERNAL
PACKER COMPONENT
LLVM INTERNAL
FP Store FP Load FP Branch RA
PAC
Gen
PAC
Auth
PAC
Auth
Gen
Auth
Fig. 2: PACKER Overview. PACKER contains two stages:
compile time and runtime.
With the arbitrary kernel memory read and write capability,
the attacker tries his/her best to change the control data, such
as function pointers or return addresses, to gain code execution
capability in kernel space. The attacker can corrupt the function
pointers in the kernel data section, stack, and heap or the return
addresses on the kernel stack. The attacker may also try to
guess the PAC value or launch pointer substitution attacks to
replace the original pointer value with the interested PACed
pointer values.
B. Assumptions
We assume that the kernel boot-up process is trusted.
This is a valid assumption as the bootloader can verify the
cryptographic hash of the kernel binary easily when loading
kernel image to memory. The boot time verification guarantees
the integrity of the kernel image, as well as the trustworthiness
of the kernel boot-up. After the kernel fully boots up, allowing
system calls, that is when the vulnerabilities can be triggered,
and the kernel can be attacked.
We further assume the random number generation in the
kernel is trusted so that the generated random number has the
expected random entropy. As a result, the attacker cannot guess
the PA key easily. Finally, we assume that the hardware works
as defined by the ARM specification, especially for the Pointer
Authentication related hardware.
IV. PACKER DESIGN
A. Overview
As mentioned in §II-A, due to the limited number of key
registers, ARMv8.3 PA is vulnerable to pointer substitution
attacks. For example, even though the attacker does not have
the key, it can trigger vulnerabilities to leak a PACed code
pointer, and substitute the attacking pointer with this leaked
code pointer. The leaked code pointer already has a valid
PAC, thus can pass the PA authentication. In this way, the
attacker can still launch JOP attacks, in which the function
pointers become the replayed PACed function pointers. Exist-
ing works [20] proposed to use function type as the context
when generating PAC, which achieves the same protection with
the fine-grained CFI [32] that only allows a function pointer
to jump to a set of functions with the same function signature
at runtime [19]. Pointer substitution attacks still exist for the
code pointer with the same type (function signature).
To defeat pointer substitution attacks, PACKER proposes
address-based PAC, in which the virtual address of a function
pointer variable is used as its context when computing the
PAC. Therefore, we have
PAC = QARMA(key, pointer, address),
where the key the 128-bit encryption key, the pointer is the
function pointer value while address is the virtual address of
the function pointer variable. The basic idea behind address-
based PAC is that all function pointers in kernel memory
are within the same address space, therefore all of them
have different virtual addresses. To defend against pointer
substitution attacks, PACKER leverages the unique virtual
address to generate unique pointer PAC, so that one PAC is
bonded to one particular address, cannot be replayed to other
addresses.
Overall, PACKER consists of two stages: compiling stage
and run-time stage, as shown in Figure 2. During the compiling
stage, PACKER relies on Clang to compile kernel source code
to LLVM IR. Then on the kernel IR, PACKER first analyses
global variables and all data structures inside a module, and
then identifies function pointers inside the module §IV-C.
After that, with the identified function pointer information,
PACKER instruments the IR and the backend instructions that
involve the function pointer store, load and branch opera-
tions §IV-D. Finally, for the return address, PACKER inserts
PAC generation code in the function prologue, as well as the
PAC checking code in the function epilogue §IV-E.
After the compiling stage, a PA-instrumented vmlinux
binary is generated. During the runtime stage, especially the
kernel boot-up process, PACKER first configures the registers
and initializes the PA keys §IV-F. Then PACKER generates
PAC for the statically initialized function pointers and dy-
namically function pointer assignments that happen before
PA initialization §IV-G. After that, PACKER functionality is
complete, it protects all code pointers inside kernel memory,
including function pointers and return addresses.
B. Function Pointer Address Propagation
Pointers with PAC should be authenticated at both the
function pointer load (loading a function pointer from memory
to a register) and the function pointer branch (jumping to a
function pointer). In address-based PAC, authenticating at load
site is straightforward as the pointer’s address and value can
obtain easily from the load instruction.
However, for PAC authentication at branch (call) site,
deciding the address of a function pointer becomes much
4
1 typedef void (*async_func_t) (void *data,
async_cookie_t cookie);↪→
2 static async_cookie_t __async_schedule(async_func_t
func, void *data, structasync_domain *domain) {↪→
3 async_cookie_t newcookie;
4 ......
5 func(data, newcookie);
6 ......
7 }
Fig. 3: Code in kernel which passes FP as a function argument.
The argument func of __async_schedule function is a
function pointer, its address information is lost at its call site
in Line 5.
1663
63 54 48 43
PAC
Kernel Address Space
1463 21
Func Encode
Content of Function Pointer:
Address of Function Pointer:
PiggyBack Form:
2
Alignment
Fig. 4: The pointer format with pointer-address piggyback. A
piggyback pointer contains the function pointer value, the PAC,
and the function pointer address.
harder. If the function pointer call is within the same func-
tion as the pointer loading, we can get the function pointer
address by going through the use-def chain of the function
pointer. However, in kernel, the gap between the loading and
branching can be inter-procedure. For example, the kernel has
hundreds of places that load a function pointer and pass its
value as a parameter to a callee function, while the actual
function pointer branch is in the callee function, as shown
in __async_schedule in Figure 3 and do_dentry_open
function in Figure 7a. In those cases, it is impossible to
specify the function pointer address at the callee site. One
native solution can be changing the callee function by adding
the address as an additional parameter. However, changing
hundreds of calling functions is not practical.
In order to address the function pointer address propagation
problem, we propose pointer-address piggyback. The basic
idea is to piggyback the address on the function pointer, so that
the function pointer always carries its address. As a result, we
can always get the function pointer’s address whenever we use
the function pointer. To achieve pointer-address piggyback, we
encode the function pointer value so that the encoded function
pointer contains the point-to value, the PAC, and the address,
as shown in Figure 4. Our key observation is that for kernel
with defconf configuration, the total number of address-taken
functions is less than 10k, which can be encoded by 14 bits
(214 == 16k). Therefore, we can use 14 bits to index a
function pointer value (the point-to address). PAC needs 7
bits, giving us 43 bits for encoding the address, as shown
in Figure 4. As ARM/ARM64 are word (4 bytes) aligned,
which means the 43 bits can be used to index 45 bits of virtual
memory.
C. Identifying Function Pointers
To locate instructions to be instrumented, identifying func-
tion pointers among all the variables inside a module is
Algorithm 1 Precise function pointer identification
1: function ANALYZEMODULE(M)
2: S, SGI ← ANALYZEGLOBALFP(M)
3: STI← ANALYZESTRUCT(M, SGI)
4: do
5: S’← S
6: for all F ∈ M do
7: S, STI← ANALYZEFUNCTION(F, S, STI)
8: end for
9: while S 6= S’
10: return S
11: end function
12:
13: function ANALYZEFUNCTION(F, S, STI)
14: for all BB ∈ F do
15: for all I ∈ BB do
16: S, STI← ANALYZEINST(I, S, STI)
17: end for
18: end for
19: for all revBB ∈ F do
20: for all revI ∈ BB do
21: S, STI← ANALYZEINST(I, S, STI)
22: end for
23: end for
24: return S, STI
25: end function
26:
27: function ANALYZEINST(I, S, STI)
28: for all op ∈ I do
29: if ISFUNCTIONPTR(op, STI) then
30: S← S ∪ {op}
31: end if
32: end for
33: S← PROPAGATE(I, S)
34: STI← UPDATE(S, STI)
35: return S, STI
36: end function
required to be precise. Any mistaken instrumentation causes
unexpected behaviors or even kernel panic. Note that only
relying on function pointer type can hardly cover all of the
function pointers, as some function pointers are typed as void*
or worse, 64-bit integer. Only when we combine program
semantics on these variables, e.g., they become targets of
indirect calls or they are assigned with function pointers, can
we identify them as function pointers. We have also found that
some fields inside a struct type are not function pointer type
but contain function pointers, as shown in Figure 5. Recording
these fields can help us to discover more corner cases.
Following these insights, we have developed an intra-
procedure and field-sensitive analysis method to precisely
identify all the function pointers based on LLVM IR, whose
details are given in Algorithm 1. Note that function pointer
identification is totally different from function pointer alias
(point-to) analysis. PACKER only requires to distinguish func-
tion pointers among all variables, while the later one tries to
determine the point-to set of a function pointer.
Before diving into the details, we need to clarify the terms.
M denotes a module, F denotes a function and I denotes
5
an instruction. Set S in ANALYZEMODULE contains all the
identified function pointers by our algorithm. We use function
pointer field to denote a field that contains a function pointer
inside a struct. STI stores all function pointer fields to support
our analysis.
1) Global Information Collection: The first step is to
analyze data structure and statically initialized global variables,
whose results can serve as basic information for subsequent
function pointer identification and function pointer patching
during kernel’s early boot §IV-G.
In ANALYZEGLOBALFP at line 2, we first walk through
the initialization list of all global variables. The set of global
variables which are initialized by function names are used to
initialize S, including those laying inside a struct. If they are
part of a struct, the struct as well as their fields inside the
struct are also stored into the set SGI.
The set SGI enables us to pick out initial function pointer
fields: if a field with its struct type in set SGI, or if it is of
function pointer type, it will be stored to STI. This step is done
at line 3. Each record of a function pointer field consists the
type name of a struct and a sequence of indices to reach this
field. These struct names and indices can be duplicated because
a struct can be nested in kernel, such as task_struct. We
organize STI by a directed acyclic graph so that we can store all
function pointer fields with faster query speed and less memory
overhead. A node in the graph represents a struct type that
contains a function pointer field, or just a basic type which
may contain function pointers if it has no successor. An edge
from node A to B indicates type B is included in type A.
By analyzing module global information, we get initialized
S and STI, which hold basic information for analysis on each
function. After finishing analysis on a function, S and STI are
also updated by the analysis results. We analyse each function
inside the module in one iteration and our algorithm will iterate
continuously until S no further changes.
2) Per-Function Pointer Identification: As described from
line 14 to line 18, rather than considering conditional or loop
relationships among basic blocks, we linearly walk through
each instruction inside a function because they do not affect the
analysis result. More specifically, we focus on type information
and its propagation across values, taking a loop just once or
multiple times makes no difference on our analysis.
For each IR instruction, all its operands that can be
identified as function pointers by global information are first
added to S, i.e., we check for each operand if it is of function
pointer type, or comes from a function pointer field. Then
a propagation rule based on the kind of the IR instruction,
namely the transfer function of the IR, is enforced to decide
whether the rest operands and the instruction output should
be added to S. So far we have implemented transfer functions
for seven kinds of IR instructions: bitcast, icmp, phinode,
store, load, getelementptr and call, the details of which
are further revealed in §V-B.
Note that our algorithm iterates twice—-first in forward and
then in backward directions inside a function as indicated at
line 16 and line 21. We do not simply iterate only once since an
indirect call instruction does not propagate function-pointer
attribute but generates the attribute for the called pointer. The
1 struct block_device {
2 void *bd_holder;
3 };
4
5 static bool bd_may_claim(struct block_device *bdev,
struct block_device *whole, void *holder) {↪→
6 /* ... */
7 }
8
9 int blkdev_get(struct block_device *bdev, fmode_t
mode, void *holder) {↪→
10 /* ... */
11 struct block_device *whole;
12 whole->bd_holder = bd_may_claim;
13 bdev->bd_holder = holder;
14 /* ... */
15 }
Fig. 5: Even though both sides of the assignment at line 13 are
void* type. PACKER can identify both of them as function
pointers through field-sensitive analysis.
function pointer operand added to set S by an indirect call
cannot propagate to the operands in the previously visited
instructions. Therefore, we add an extra backward iteration
to fully propagate function-pointer attribute. Intuitively, set S
will become stable after the two rounds as no more function
pointer attribute is generated during the second iteration—-it
just propagates along the instructions.
3) Precision: Our pointer identification algorithm is able to
precisely identify most of function pointers inside the kernel,
can eventually achieve 100% after handling the corner cases
in kernel. These corner cases and our measures will be later
detailed in §V-D. Generally, the precision of our algorithm
comes mainly from three aspects:
Exclusiveness of function pointers: we assume a function
pointer is exclusive, i.e., it should always point to executable
code after initialization and should not contain data of any
other types at any time. In fact, this rule works in most times
because mix use of function pointers and other data in one
variable could be dangerous. For example, a variable that
contains a data pointer could be called in this case, which
leads to arbitrary code execution. The exclusiveness has made
our analysis more precise because in our algorithm, a variable
must or must not be a function pointer, rather than may be.
Semantic awareness: Rather than depending only on type
information, PACKER also utilizes program semantics to iden-
tify function pointers. Based on the semantics of the seven
kinds of instructions we have modeled, PACKER are capable
of identifying more function pointers.
Field sensitivity: PACKER takes advantage of field-
sensitive analysis to achieve higher precision. Figure 5 gives us
a code snippet in kernel. At line 13, both bdev->bd_holder
and holder are of void* type and they are neither called or
assigned with function pointers within blkdev_get. Conse-
quently, an algorithm with only semantic awareness will not
identify them as function pointers.
However, PACKER records all the function pointer
fields to assist function pointer identification. Note that the
same field bd_holder in block_device has been as-
signed a function bd_may_claim. So PACKER considers
this field as a function pointer field and records it
in STI. When PACKER encounters the same field inside
bdev->bd_holder, it immediately identifies the variable as a
6
1 struct file_operations {
2 ......
3 int (*open) (struct inode *, struct file *);
4 ......
5 }
6
7 static struct file_operations ptmx_fops
__ro_after_init;↪→
8
9 static void __init unix98_pty_init(void)
10 {
11 ......
12 ptmx_fops.open = ptmx_open;
13 ......
14 }
(a) C code of ptmx_fops.open assignment. Line 12 shows that
ptmx_open is assigned to the function pointer open inside the
struct ptmx_fops.
1 add x19, x19, #0x3e8
2 adrp x0, ffffff8010505000 <tty_jobctrl_ioctl+0x268>
3 add x0, x0, #0xe4c ; address of ptmx_open
4 adrp x1, ffffff8010714000
<security_hook_heads+0x80>↪→
5 add x1, x1, #0x3e8 ; address of ptmx_fops
6 str x0, [x1, #104]! ; ptmx_fops.open = ptmx_open
(b) Assembly code of ptmx_fops.open assignment without
PACKER instrumentation. Line 6 shows the actually function pointer
store operation, in which x0 holds the function pointer value.
1 add x19, x19, #0x3e8
2 adrp x0, ffffff8010505000 <tty_jobctrl_ioctl+0x268>
3 add x0, x0, #0xe4c ; address of ptmx_open
4 adrp x1, ffffff8010714000
<security_hook_heads+0x80>↪→
5 add x1, x1, #0x3e8 ; address of ptmx_fops
6 pacia x0, x1 ; use address in x1 as PAC context
7 ; PAC is embedded in x0
8 str x0, [x1, #104]! ; ptmx_fops.open = ptmx_open
(c) Assembly code of ptmx_fops.open assignment with PACKER
instrumentation. Line 6 shows the PAC generation instruction, in
which x0 holds the pointer value, x1 holds the address of the pointer.
Fig. 6: Function pointer store operation in PACKER.
function pointer. Then, holder is also identified as a function
pointer from semantics of the assignment.
The precision of our algorithm ensures that instrumentation
instructions are inserted into correct locations. Inserted instruc-
tions will enforce function pointer integrity and return address
integrity, which are introduced in the next two sections.
D. PAC Instrumentation on Function Pointer Store/Load-
/Branch
1) Generating PAC on Function Pointer Store: All function
pointers in memory should be protected by PAC to defeat
attacker’s corruption, thus they should be PACed before storing
into memory. Function pointers are stored into memory under
the following three cases: 1) Statically initialized function
pointers which are loaded from binary to memory. 2) Dy-
namically assigned function pointers which are saved by store
instructions. 3) Byte-object function pointers which are treated
as a sequence of bytes and copied from another address by
memcpy and memmove.
Function pointers in the first case are PACed dynamically
during kernel initialization after PAC keys setup. In fact,
some dynamically assigned function pointers before PAC key
initialization also need to be patched and we leave the details
to §IV-G.
Most of kernel function pointer store falls into the second
case. For this case, PACKER gets the function pointer and
the address to be stored, PACs the function pointer before the
storing instruction, as shown in Figure 6. Line 12 in Figure 6a
shows that ptmx_open is saved into function pointer open
inside struct ptmx_fops. Line 6 in Figure 6b shows the actual
store instruction. Figure 6c shows the assembly code after
PACKER instrumentation. Line 7 shows the PAC generation
instruction, in which x0 holds pointer value while x1 holds
the pointer’s address. Some already loaded function pointers
may be in piggyback form by our design, while others may be
in normal form, e.g., immediate function addresses. PACKER
is able to distinguish these two kinds of pointers as normal
kernel function pointers have a fixed pattern in most times.
But piggybacked pointers never follow this pattern. They are
decoded to normal pointers before PACed.
The third case is more special as function pointers are
decomposed to bytes and lose their type information dur-
ing memcpy or memmove. We wrap these functions with
pac_memcpy and pac_memove and replace them. Our wrapper
functions check every byte of the destination object and use
the pattern of PACed function pointers to match function
pointers. We do not match on the source object as it could be
overlapped with the destination and changed during memmove.
Strict matching rules are adopted in matching. Old PAC is
stripped from a recognized function pointer, which is then
patched with new PAC calculated by its new address as the
context.
2) Authenticating PAC on Function Pointer Load and
Branch: PACKER authenticates function pointers on both
function pointer load and branch. Authenticating function
pointers on branch instructions is easy to understand because
it prevents function pointer branch instructions from being
abused as JOP gadgets to jump to arbitrary addresses. How-
ever, function pointer loads also need to be authenticated
for two reasons. First, the function pointer is loaded from
memory, thus may be corrupted by the attacker, as the attacker
has arbitrary memory write capability. Second, the function
pointer is loaded into registers, thus it may propagate across
different registers and used by other instructions, such the PAC
generation instruction and store instruction. Without function
pointer load authentication, the attacker can corrupt one func-
tion pointer in the memory to be a malicious code address.
When the function pointer is loaded, a malicious code address
can propagate to the PAC generation and store instructions.
As a result, the PAC generation and store instructions can
be abused by the attacker as a signing gadget. To break this
signing gadget, we either authenticate function pointer before
PAC generation instruction or authenticate on function point
load. As the PAC generation instructions must accept un-
PACed function pointers, we cannot authenticate them before
PAC generation. Therefore, PACKER authenticates all function
pointer loads, so that no illegal function pointer can sneak into
registers.
To authenticate function pointer load, PACKER instru-
ments all loads with PAC authentication. Line 6 in Figure 7a
shows a function pointer load, which is compiled into ldr
7
1 static int do_dentry_open(struct file *f,
2 struct inode *inode,
3 int (*open)(struct inode *, struct file *)) {
4 ......
5 if (!open)
6 open = f->f_op->open;
7 if (open) {
8 error = open(inode, f);
9 ......
10 }
11 ......
12 }
(a) C code of load and branch operations. Line 6 shows a function
pointer loads while Line 8 is a function pointer branch (function
pointer call).
1 mov x19, x0 ; x19 = &f
2 ...
3 ldr x1, [x19, #40] ; x1 = &f->f_op
4 ldr x0, [x1, #104] ; x0 = f->f_op->open
5 ; load function pointer
6 cbz x0, ffffff80101fcdc8 ; if (open) statement
7 mov x8, x0 ; x8 holds function pointer
8 mov x0, x21 ; argument 1, inode
9 mov x1, x19 ; argument 2, f
10 blr x8 ; branch to function pointer
(b) Assembly code of ptmx_fops.open without PACKER instru-
mentation. Line 4 loads the function pointer to register x0. Line 7
moves function pointer to register x8. Line 10 is the function pointer
branch, which calls function pointer in x8.
1 mov x19, x0 ; x19 = &f
2 .....
3 ldr x1, [x19, #40] ; x1 = &f->f_op
4 ldr x0, [x1, #104]! ; x0 = f->f_op->open
5 ; load function pointer
6 autia x0, x1 ; PAC authentication
7 .....
8 cbz x0, ffffff80101fcf84 ; if (open) statement
9 .....
10 mov x8, x0 ; x8 = function pointer
content↪→
11 mov x18, x1 ; x18 = function pointer
address↪→
12 mov x0, x21 ; argument 1, inode
13 mov x1, x19 ; argument 2, f
14 blraa x8, x18 ; authenticate and branch
to function pointer↪→
(c) Assembly code of ptmx_fops.open with PACKER instru-
mentation. PACKER adds Line 6 and Line 14. Line 6 is the PAC
authentication code while x0 holds the PACed pointer while x1 holds
its address. Line 18 is the authenticate and branch instruction, which
authenticates the PACed pointer in x8 first. x18 holds the pointer
address.
Fig. 7: Function pointer load and store operations in PACKER.
instructions of Line 3-4 in Figure 7b. Line 6 in Figure 7c shows
the PACKER instruments PAC authentication instruction that
authenticates the PACed pointer in x0 with x1 holding the
address as the context.
The other place to check PAC is at function pointer branch
instruction (indirect call site). If a function pointer passes PAC
check upon loading, it is transformed into piggyback form. A
piggyback pointer is then extended to a PACed function pointer
for the second PAC check at function pointer call site (function
pointer branch). As shown in Figure 7c, at the function pointer
call site, the original blr instruction is replaced by blraa in
Line 14, which authenticates the pointer in x8 first by using
address in x18 before branching.
3) Function Pointer PAC Instruction Insertion: To insert
PAC generation and authentication code shown in Figure 6c
and Figure 7c, PACKER performs instrumentation in both
LLVM IR and LLVM backend, as shown by the “Store/Load-
/Branch Instrument” block and the “FP PAC Instruction Inser-
tion” block in Figure 2.
In LLVM IR, PACKER first inserts IR instructions to indi-
cate function pointer store, load, and branch respectively. The
inserted calling instructions call different functions depending
on the instrumented instructions, such as a call to pac_store
is inserted to replace function pointer store, pac_load to
replace function pointer load. For function pointer branch,
things are a little bit different. We do not replace function
pointer call, but add a pac_call just before it. The parameters
for pac_store and pac_load are the function pointer and
its address, which can be fetched from operands of store
and load instructions. For pac_call, its parameter is the
called function pointer, which is supposed to be a pointer in
piggyback form at run-time and can be decoded to a PACed
pointer with its address. The inserted instructions will then
be lowered from IR to LLVM machine instructions in the
backend.
Different from LLVM IR, LLVM machine instructions
are closely related to the target architecture, including CPU-
specific instructions. Therefore PAC-related instructions, which
are only available on ARMv8.3 and newer ARMv8 archi-
tectures, are inserted in LLVM backend. Inserted machine
instructions will replace the stub function calls we have added.
For example, when PACKER backend encounters a call to
pac_store, it replaces it with a PAC-generating instruction
followed by a store instruction storing the PACed pointer to the
address just like what Figure 6c shows. Note that the original
function pointer and the address are already in register X0
and X1 as the function parameters of our stub calls. Dealing
with pac_load is just a similar process. However, stub calls
to pac_call is a little different. We must decode the input
piggyback pointer into a PACed pointer and its address, which
are needed to be stored in two registers for blraa. Note
that we cannot directly use X0 and X1 to save them because
they are parameters passed into the indirect call. Instead, we
save them to virtual register provided by LLVM backend. The
virtual registers will be mapped to registers that are not live at
this point automatically by LLVM backend. Figure 7c displays
the output of PACKER backend for indirect calls.
E. Return Address Protection
The return address PAC generation and checking reuses
the existing idea [19]: using the stack pointer as the context,
generating the PAC for the return address register before
pushing it to the stack and verify the PAC right after loading it
from the stack, as shown in Figure 8a. However, the existing
design uses separate PAC authentication instruction autiasp
and return instruction ret. The interrupt may happen in
between, giving the attacker chances to launch time of check
to time of use (TOCTTOU) attack. For example, during the
interrupt, the authentication of x30 already passes, and its
8
1 vfs_open:
2 paciasp
3 stp x29, x30, [sp, #-16]!
4 mov x29, sp
5 ......
6 ldp x29, x30, [sp], #16
7 autiasp
8 ret
(a) Existing design for protecting return address. Interrupt can happen
between autiasp and ret.
1 vfs_open:
2 paciasp
3 stp x29, x30, [sp, #-16]!
4 mov x29, sp
5 ......
6 ldp x29, x30, [sp], #16
7 retaa
(b) Return address protection in PACKER. Compared with existing
design, retaa guarantees the atomicity.
Fig. 8: Return address protection in PACKER.
value will be saved on the interrupt stack. The attacker can
overwrite x30 value on stack and jump to an arbitrary place
on return.
To address this problem, PACKER proposes to use the
retaa instruction to authenticate and ret in one instruction.
PACKER guarantees the atomicity and improves the security
by eliminating the gaps between time of check and time of
use.
Note that in kernel space, every thread has its dedicated
kernel stack, while the stack pointer points to the stack frame
within these per-thread kernel stacks. In other words, the stack
pointer sp for different thread is guaranteed to be different,
while using these stack pointer as the PAC context makes
sure that the PAC cannot be replayed across different thread in
kernel. More specifically, the stack pointer is per-thread, and
per-stack-frame, making it virtually impossible to launch the
pointer substitution attacks.
F. Pointer Authentication Initialization
Before utilizing pointer authentication (PA) to protect
kernel function pointers and return addresses, we must first
setup pointer authentication keys. Current Linux kernel only
provides the PA for user space, not for kernel itself yet [33, 34].
Moreover, PA keys in Linux kernel are saved in kernel memory
without any protection [35], makes it vulnerable to arbitrary
kernel memory read/write attacks.
To setup the PA environment for kernel, we set TBI and
TBID bits in tcr_el1 as soon as start_kernel is called
to ensure PAC is 7 bits. Then we configure the sctlr_el1
to enable the IA and IB keys for PA. After that, PACKER
needs to invoke kernel random number generation functions
to generate 128 bits random numbers and set it into PA key
registers.
Note that randomness functionality is not enabled at the
very beginning of kernel boot. As a result, even the PA key
registers are setup right after kernel randomness initialization,
hundreds of functions that invoking function pointers are
already executed before PA initialization. This will impose
several challenges to PACKER. First, before PA key setups,
a call to a function pointer may happen. As we mentioned
before, a PAC check would occur at a function pointer callsite,
the check will never pass without setting the keys. To avoid
checking failure and crash, PACKER adds key setup check,
if key has not setup, PACKER will not check PAC signature.
Here PACKER only adds the check code to codes executed at
kernel initialization process, and all those codes will be freed
after kernel boot up, so this will not jeopardize the security of
PACKER.
Second, hundreds of function get executed before PA
initialization. These functions may have pointer load and store
operations. Right after key setup, PACKER will patch the
statically allocated function pointer with the correct PAC.
However, the store operations happens before PA key ready
stores the un-PACed pointer values. Therefore, PACKER must
be able to trace all the store operations and patch all these
locations. To address this problem, PACKER proposed to
instrument all store operations. If PA is not ready, will allow
the operation proceed, but will record the target address for
later patch, details in §IV-G.
G. Statically and Dynamically Initialized Function Pointer
Patch
Same with userspace case [20], the statically allocated and
initialized function pointers do not contain PAC signature, as
the pointer authentication key is not available at the compiling
time. Those function pointers need to be patched with proper
PAC after we set PA key. However, different from user space,
the kernel cannot rely on the loader, so it must figure out the
addresses which need to be patched.
To address this problem, during the compiling time,
PACKER emits all addresses of the statically allocated func-
tions. Especially for statically allocated kernel structures that
contain function pointer fields, PACKER emits the address of
the kernel structures and the offsets of the function pointer
members. For patching, PACKER maps this information to the
actual pointer addresses during the kernel booting up. For each
statically allocated and initialized function pointer variable
or the function pointer member inside a statically allocated
structure, PACKER first reads its value, calculates the PAC
value, and writes back to the memory. Note that this is all
done after PA key is set.
As mentioned before, kernel randomization is not enabled
at the very beginning. As a result, hundreds of functions get
executed before the PA key is ready. These functions involve
function pointers assignment. In other words, besides the
statically initialized function pointers, PACKER also needs to
patch function pointers that get initialized dynamically before
PA key is ready. To do this, as all function pointer stores
are already instrumented, PACKER checks the PA key status
before the PA code generation and the store. If PA key is not
ready, PACKER skips the PA code generation, just stores the
raw pointer value. At the same time, PACKER will record the
address of this function pointer. After PA key initialization,
PACKER will come back to calculate the PA code for all
recorded addresses, and update the pointer value with the
correct PAC.
9
V. IMPLEMENTATION
In the implementation section, we first give out the envi-
ronment settings we used for our implementation. Then we
talk about the PACKER modification on compiler and the
kernel. Finally, we present the details of the practical issues
we encountered during our implementation.
A. Environment Settings
We have implemented PACKER on LLVM 10 and Linux
kernel v5.0.1. PACKER kernel is built at optimization level O2.
The kernel binary is running on ARMv8-A Fixed Virtual Plat-
forms (FVP) based on Fast Model v11.7.30. FVP is a software
simulator from ARM, which provides pointer authentication
hardware simulations. FVP environment is set up on Ubuntu
18.04, running on Intel i7-7700. To boot up the kernel with
PACKER on FVP, we also wrap a bootloader with PACKER
kernel using boot-wrapper and build a minimal initram file
system with buildroot.
B. Compiler Modifications
PACKER Clang/LLVM implementation contains 3 passes,
about 2600 lines of code. LLVM organises all its analysis and
optimization functionalities in the unit of pass, therefore, both
of our works on IR level and on backend are implemented in
passes. LLVM passes are executed in a serial order and the
positions of our passes in the order can affect the result. On
IR level, IR output of the prior passes may be optimized by the
optimization passes. Therefore, to avoid our inserted IR from
being optimized, we put all our IR passes together at the end
of all IR passes. On backend, LLVM machine code is lowered
by passes. In this process, it loses high-level information, such
as the type info and the virtual registers info, and gets closer to
the real target assembly code. Some of our backend passes use
virtual registers so they must run before the register allocation
pass. The others are put to the end of the machine code passes.
For ease of use, We have also modified Clang/LLVM
backend to support command line flags. One can pass -mkfpi
flag to enable IR-level functionalities while pass -mllvm
-aarch64-enable-kfpi flags to enable backend instrumen-
tation.
1) IR-level Implementation: We have added three passes
to the LLVM passes to implement function pointer identifica-
tion §IV-C and IR instruction instrumentation §IV-D, namely
InitPass, MarkPass, and InstrumentPass.
First, the InitPass analyzes global variable initialization
and data structure that contains function pointers, and store
the results for subsequent use. Note that it does not change IR
code and will pass the IR to MarkPass as soon as it finishes
its work.
MarkPass is responsible for identifying all IR values
which are function pointers, i.e., calculating the set S in Al-
gorithm 1. Here we focus on implementation details about
the transfer functions of the seven instructions: bitcast
transforms the type of an IR value and we put both the output
and the input value into set S if any of them is in S. icmp
compares two integers and decides the result according to the
input condition. Therefore, either one of the two operands
belonging to S indicates the other should be also added to
S.
phinode is an implementation of φ in static single as-
signment(SSA) form. It chooses one of inputs as its output
according to its predecessor basic blocks. We just add all the
values including the output to S if one of these values is in
S. The strategy is based on our insight that in most cases, no
value could be a function pointer in one condition but a data
pointer or a normal integer in another. A special case is the
union type which may violate our assumption, details in §V-D.
store instruction saves the first operand into the memory
pointed to by the second operand and has no output. If the
first operand is a function pointer, then the second operand
should be a pointer to a function pointer. Note that we have
to distinguish function pointer and the pointer to a function
pointer for store so we add an extra attribute level to each
element in set S. Level 0 means the element is a function
pointer, level 1 means a pointer to a function pointer and so
on. Consequently, the second operand in store must be one
level higher than the first operand. load instruction just does
the opposite process of store.
getelementptr, also known as GEP, takes a struct or
array pointer and a sequence of indices as its inputs. It
calculates the offset from the indices and outputs the pointer
incremented by the offset. The instruction is usually used to
index a field inside a struct or array. As we maintain all
function pointer fields information including the struct types
and indices in a DAG STI (Algorithm 1), we can decide the
result of a GEP is a level 1 function pointer if its inputs forms
a path in the DAG. Finally, call instructions just adds the
called operand to S.
IR code is not modified in MarkPass either and passed
to InstrumentPass, where the instrumentation IR code is
finally added according to S. InstrumentPass also outputs
the global variables initialized by function pointers with their
offsets inside a struct to support function pointer patching
during early kernel boot.
2) Backend Implementation: We have added four back-
end passes to LLVM AArch64 backend, i.e., VirtRegPass,
BranchPass, RAPass and MemcpyPass. VirtRegPass allo-
cates virtual registers to save the PACed function pointer and
its context needed by blraa. BranchPass changes all the blr
to blraa using the two virtual registers as inputs. Both of the
two passes must execute before register allocation. The other
two are executed at the end of all the backend passes. RAPass
is for return address protection, it first locates function frame
setup and destroy and then inserts paciasp before frame
setup and autiasp after frame destroy. MemcpyPass replaces
all calls to __memcpy and __memmove to pac_memcpy and
pac_memmove, respectively. Although this has been done once
in IR, we do this just in case that a sequence of assignment
on continuous memory is optimized to __memcpy at backend,
which actually happens at optimization level O2.
C. Kernel Patching
PACKER’s kernel modification has about 600 lines of
code, including initializing pointer authentication hardware and
patching the un-PACed function pointers. The PA initialization
10
1 static irqreturn_t irq_forced_secondary_handler(int
irq, void *dev_id) {↪→
2 /* ... */
3 }
4
5 static void irq_finalize_oneshot(struct irq_desc
*desc, struct irqaction *action) {↪→
6 if (!action->handler ==
irq_forced_secondary_handler)↪→
7 return;
8 }
Fig. 9: An example of function pointer comparison in kernel.
Line 6 compares a function pointer with a function name.
is mainly set up the registers to enable PA functionality.
Moreover, it also calls the kernel random number generator
to generate PA key. As a result, the PA can only be ini-
tialized after kernel enables the random number generation
functionality. Therefore, PA initialization is done right after
add_device_randomness in start_kernel.
It is worth mentioning that PA initialization code con-
tains the sensitive instructions that loading the PA key. To
guarantee the security and remove all PA key manipulation
related instructions, we mark all PA initialization code as init
text, so that it will be freed by free_initmem as soon as
the kernel boot completes. As mentioned before, PACKER
replaces all blr instructions to blraa. For br instructions,
PACKER changes kernel build by adding -fno-jump-tables
to instruct the compiler not use br instructions.
For function pointer patching, PACKER patches all stat-
ically initialized function pointers and the function pointers
that get assignment before PA initialization. To achieve this,
PACKER uses a giant array to hold all the addresses of pointers
to be patched. It also inserts code after PA initialization to
generate PAC for each pointers. Again, the array is marked as
init data, so that it will be freed after booting up to save the
memory.
Note that PACKER is designed only for kernel code pointer
protection, with only one PA key register is used, and leaving
the other four PA key registers for user space PA protection.
Therefore, PACKER is design with the consideration of user
space PA compatibility.
D. Practical Issues
We encountered numerous practical issues during our im-
plementation of PACKER. Due to the space limitation, here
we only discuss several of them in detail.
1) Function Pointer Comparison: In kernel, function point-
ers are usually used to compare with a function name directly,
as shown by Line 6 in Figure 9. The comparison can be against
a function name, which is the constant address of a function,
or in some rare cases, against magic numbers like 1 or 2. In
our implementation, the value loaded from the pointer would
be transformed into the piggyback form, therefore its value
will not match at every comparison. In those cases, we need
to restore the function pointer after loading from the memory.
The implementation of this part is pretty straightforward: our
IR pass will traverse every CmpInst and check if the type of
the operand is function pointer, if yes, replacing the operand
with the restored value.
1 static inline void *offset_to_ptr(const int *off) {
2 return (void *)((unsigned long)off + *off);
3 }
4
5 static inline initcall_t
initcall_from_entry(initcall_entry_t *entry) {↪→
6 return offset_to_ptr(entry);
7 }
8
9 int __init_or_module do_one_initcall(initcall_t fn)
10 {
11 /* ... */
12 ret = fn();
13 }
14
15 static void __init do_initcall_level(int level) {
16 /* ... */
17 for (fn = initcall_levels[level]; fn <
initcall_levels[level+1]; fn++)↪→
18 do_one_initcall(initcall_from_entry(fn));
19 }
Fig. 10: An example of function arithmetic in kernel. Line 17
contains function pointer increment fn++.
1 // __pa_symbol is done by __kimg_to_phys after macro
expanding↪→
2 #define __kimg_to_phys(addr) ((addr) -
kimage_voffset)↪→
3
4 static inline void cpu_replace_ttbr1(pgd_t *pgdp) {
5 /* ... */
6 replace_phys = (void
*)__pa_symbol(idmap_cpu_replace_ttbr1);↪→
7
8 cpu_install_idmap();
9 replace_phys(ttbr1);
10 cpu_uninstall_idmap();
11 }
Fig. 11: An example of physical address used as a function
pointer. The function pointer replace_phys gets the physical
address at Line 6, is invoked at Line 9.
2) Function Pointer Arithmetic: Besides comparison, arith-
metic on function pointers also exists in Linux kernel. For
instance, do_initcall_level in Line 15 of Figure 10 passes
function pointer fn to do_one_initcall while fn is calcu-
lated using the base address and the offset, as shown in Line
17. Fortunately, such case only appears once at kernel boot
up stage. As we trust the kernel boot up, we consider the
content in variable initcall_levels as benign values, so
in our implementation, after the function pointer is calculated,
we generates the PAC using a constant context and the value
of the pointer, so that it could pass the PAC authentication at
blraa.
3) Function Pointer Holding Physical Address: In Linux,
for certain memory management unit (MMU) related function,
the kernel will use its physical address directly, rather than
virtual address (More precisely, for identical map, the virtual
address and the physical address are the same).
As shown in Figure 11, function
idmap_cpu_replace_ttbr1’s physical address is assigned
to function pointer replace_phys at Line 7. After that,
the kernel turns off the memory management and directly
branch to the physical address holding in replace_phys at
Line 11. Unfortunately, this breaks our rule that all operands
of an indirect call should be a piggyback form pointer, and
the system will go panic when the corresponding blraa
is executed. As we mentioned in previous section, we add
several instructions to change the pointer into piggyback form
with a constant context before the indirect call, and this will
not increase attack surface as the address is constant value
11
1 typedef struct sigevent {
2 /* ... */
3 union {
4 int _pad[SIGEV_PAD_SIZE];
5 int _tid;
6
7 struct {
8 void (*_function)(sigval_t);
9 void *_attribute; /* really pthread_attr_t */
10 } _sigev_thread;
11 } _sigev_un;
12 } sigevent_t;
Fig. 12: An exmaple of union that contains function pointer.
_sigev_un is a union. Function pointer _function is at Line
8.
from a adrp instruction, which cannot be changed by the
attacker.
4) Function Pointer in Union: Union type in kernel can
contain a field that can be both function pointers and data
such as integers, as shown in Figure 12. The data inside
union variables are treated as function pointers or integers
accordingly. This case breaks our assumption that a function
pointer variable cannot contain data of other types. As a result,
Algorithm 1 may mistake an integer for a function pointer. To
address this problem, we use the alignment size of the field to
distinguish whether a union field is a function pointer or not.
Our key observation is that function pointer value is 64-bit,
need to have 64-bit alignment. Therefore, if the program is
using the field as an int32, the entry is considered to be used
as data, either _pad or _tid in the figure; otherwise the type
of the field is a function pointer, and we need to insert the
PACKER code.
Note that the case is rare in Linux kernel and once we
adopt the above rule, we can filter out all the troubles brought
by union type.
VI. EVALUATION
In this section, we evaluate both the security and perfor-
mance of PACKER.
A. Security Analysis
For the security evaluation, we want to examine if
PACKER can protect both function pointers and return ad-
dresses. Therefore, we first analyse the function pointer and
return address coverage. We objdumped the generated vmlinux
and extracted all the function pointer branch instructions and
function return instructions.
For function pointer branch instructions, PACKER com-
piler component replaces all blr instructions in C code by
blraa instruction during the compiling process. PACKER
also manually changes the blr instructions in assembly code
to blraa. As a result, 100% of all function pointer branch
are checked by PACKER. Compared with iOS kernel PA
implementation which has blr residuals, PACKER contains
no raw blr instructions, thus is more secure. Note that blraa
does the PAC authentication and function pointer branch in
one single instruction, giving the attacker no chance to launch
time of check to time of use attacks.
For function pointer storing and loading, the pointer au-
thentication hardware on ARMv8.3 does not provide the
0 0.05 0.1 0.15 0.2 0.25
userspace  arithmetic
context1
syscall-mix
syscall-close
syscall-getpid
syscall-exec
fstime-write
fstime-read
fstime-copy
pipe
spawn (fork)
Normalized Introduced Overhead(kernel directly compiled by LLVM is 0)
FP Protection Enabled FP Protection & RA Protection Enabled
Fig. 13: Performance evaluation of PACKER using Unixbench.
Time overhead of the original kernel is normalized to 1.
atomic instructions for the authenticate-store as well as the
load-authenticate. Therefore, function pointer store and load
are still vulnerable to time of check to time of use attacks.
Here, we want to argue that this is a hardware limitation.
Also, even though the store and load are not atomic, the final
function pointer branch will be authenticated before branch
atomically by PACKER, which can defeat any function pointer
corruptions.
For the return address, we check all functions in vm-
linux dump to examine that for all functions that pushing
return address in prologue and popping return address in
epilogue should be protected by PACKER. We go through
the whole kernel dump using a script and our result shows
that PACKER protects all return address pushing operations.
For all return address pushing operations, PACKER inserts
a PAC generation instruction. For all return address popping
from stack, PACKER changes the return to retaa so that the
return address will be authenticated before the actual return.
Here, different from existing schemes of separating the PAC
authentication instruction and the return instruction into two
instruction [19, 18], PACKER uses a single instruction retaa
to achieve the atomicity of both authentication and return.
Therefore, returns protections in PACKER is more secure by
defeating time of check to time of use attacks.
B. Performance Analysis
We choose Unixbench to evaluate PACKER performance.
Unixbench is dedicated for unix-like systems and can measure
performance of a system from different aspects. Three Linux
kernels, which have the same version and configuration but
different security level, are tested. One of them is compiled
with original LLVM and is used as our baseline. The other two
are both protected by PACKER, but one of them does not have
return address protection. For each kernel, we have conducted
12
all the tests listed in Figure 13 and these tests focus on critical
system calls. Note that all the syscall-unrelated arithmetic
tests like whetstone and arithoh have little connection with
the performance of PACKER kernel, so their performance
overhead are averaged and treated as the userspace arithmetic
test in Figure 13.
Compared with the original kernel without PACKER pro-
tection, PACKER introduces around 10%-20% performance
overhead. Complex syscalls like fork and write introduce
more overhead because the number of stack frames and func-
tion pointer calls is larger. PACKER also introduces around
1%-2% overhead on userspace arithmetic because PACKER
also protects kernel context switch and makes it a little
bit slower. Note that performance overhead does not mean
PACKER kernel is 10%-20% larger than the original kernel.
In fact, PACKER image size is 7.0% larger.
We believe that the performance overhead is not low, but
reasonable and acceptable. It is reasonable because kernel itself
is much more complex than most user application. It contains
many function pointers and indirect calls. The calling stack
in kernel is also badly nested. Besides, protection of context
switch and indirect calls inside interruption handlers also add
to our overhead. We argue that the result is also acceptable
because it reflects the upper bound of PACKER overhead. In
this evaluation, it is the pure syscall overhead that we have
measured. A user application cannot call complex system calls
like fork all the time. So for users of PACKER system, the
overhead is better than our result.
In our future work, we are planning more evaluation of
PACKER, including the instruction count and performance
overhead break down. We also plan to optimize the perfor-
mance of PACKER based on the evaluation results.
VII. RELATED WORK
There are variant CFI mechanisms to defend code reuse
attacks. Among all defense mechanisms proposed against ROP,
ASLR is widely used in modern operating systems, the address
of the program will be randomized under such protections so
that attackers cant easily locate the gadgets. Beside ASLR,
function pointer encryption is proposed with different encrypt
methods [36, 37, 38] to defend JOP attacks. In those methods,
function pointers will be encrypted with a process/thread
specific secret key and decrypted when being used.
CFI will compute a control-flow graph in advance to ensure
the control transfers are within the pre-computed graph. And
most CFI mechanisms can not protect both user programs and
kernels due to the huge differences in between. Moreover,
as most software control-flow protection techniques suffer
from high performance overhead, hardware-assists control flow
protection mechanisms are proposed. These techniques [39,
40, 41, 42, 43, 20] leverage hardware feature or add extra
hardware modules to realize protection operations, thus reduce
the overhead.
A. User CFI
1) Software-Based CFI: Compact Control Flow Integrity
and Randomization (CCFIR) [13] protects both forward-edge
and backward-edge control-flow integrity for binary executa-
bles. CCFIR implements a new code segment named Spring-
board which contains stubs of all indirect targets (i.e. function
pointers and return addresses). CCFIR redirects all indirect
jump/call instructions and ret instructions to jump to
stubs in Springboard with specified policies. Bin-CFI [14]
provides control-flow integrity for COTS binaries. It uses a
similar design to CCFIR instrument to enforce control-flow
integrity. However, both CCFIR and bin-CFI are found to be
insufficient [44, 45].
2) Hardware-Assisted CFI: Cryptographic CFI
(CCFI) [16] employs cryptography mechanism to protect
the control-flow integrity. Similar to PACKER, CCFI uses
cryptographic MACs which is produced with AES. CCFI
calculates and checks MACs of function pointers and return
address when they are loaded. Thus, CCFI protects both
forward-edge and backward-edge control flow integrity. And
CCFI uses address as context to compute MAC which is
the same design as PACKER. Opaque control-flow integrity
(O-CFI) [17] protects control-flow integrity by restricting
indirect branch targets within an address bound. The address
bound can be derived from source code or object code
and can be randomized by code layout randomization [8].
When a program is loaded, O-CFI randomly selects a bound
pair, which indicates the legal branch address region, from
a bounds lookup table. And O-CFI needs the help of x86
segmentation selector to prevent accident leakage of the
bounds lookup table. The overhead of O-CFI is 4.7%.
As ROP attacks need to continuously execute several
gadgets, KBouncer [46], as well as ROPecker [47], use
Last Branch Recording (LBR), which records last executed
branches, to detect ROP attacks. And the latter one has an
average overhead of 2.6%. Since LBR only records last 16
branches, CFIMon [48] uses branch trace store to break the
limitation. The authors argue that CFIMon prevents both JOP
and ROP attacks. And CFIMon has an overhead of 6.1%,
higher than KBouncer and ROPecker.
B. Kernel CFI
[49] and [50] proposed fine-grained control-flow integrity
solutions for kernel. Since computing kernel control flow graph
is a tricky thing, they mainly focus on reducing the number
of indirect control-flow targets in static analysis and both
of them achieved more than 99% of indirect control-flow
targets. For enforcing control flow integrity [50] uses restricted
pointer indexing [51] to enforce kernel control-flow integrity
while [49] uses a similar scheme named indexed hooks [52].
KCoFI [53], which extends secure virtual architecture
(SVA) [54], provides a coarse-grained but complete kernel
control-flow integrity solution. KCoFI needs to recompile the
whole operating system kernel into a virtual instruction set
which benefits the security by ensuring security policies are
not violated. And the formal model of KCoFI is only partial
proved. Both KCoFI and PACKER need support of the com-
piler. However, KCoFI introduces a significant performance
overhead due to the virtual instruction set while PACKER
employs existing hardware feature and introduce a much lower
overhead.
13
VIII. CONCLUSION
This paper presents PACKER, which utilizes ARMv8.3
pointer authentication for kernel code pointer protection. In
particular, PACKER generates PAC for every function pointer
store and return address pushing to stack, and authenticates
the PAC on every function pointer load and branch, and
return address popping from stack. Moreover, to defeat pointer
substitution attacks, we propose a novel address-based PAC
generation based on the observation that all function pointers in
kernel have a different virtual address, which can be used as the
context to achieve unique PAC. To achieve address-based PAC,
we design the pointer-address piggyback for address propaga-
tion. We also proposed new techniques for identifying function
pointers, for pointer store, load and branch authentication and
for handling statically initialized function pointers.
We have implemented a prototype of PACKER based
on Clang/LLVM and Linux kernel. In our implementation,
PACKER is able to protection 100% of indirect call sites
and return addresses. We further evaluated our implementation
on ARM Fixed Virtual Platforms. For all eight tests, the
performance overhead introduced by PACKER ranges from
15% to 25%.
In our future work, we plan to test the performance of
PACKER thoroughly, by using different techniques such as
the instruction counting. Based on the evaluation results, we
also plan to optimize PACKER.
REFERENCES
[1] “Getting around non-executable stack (and fix),” https:
//seclists.org/bugtraq/1997/Aug/63.
[2] H. Shacham, “The geometry of innocent flesh on the
bone: Return-into-libc without function calls (on the
x86),” in Proceedings of the 14th ACM Conference on
Computer and Communications Security, 2007.
[3] E. Buchanan, R. Roemer, H. Shacham, and S. Savage,
“When good instructions go bad: Generalizing return-
oriented programming to risc,” in Proceedings of the
15th ACM Conference on Computer and Communications
Security, 2008.
[4] R. Roemer, E. Buchanan, H. Shacham, and S. Savage,
“Return-oriented programming: Systems, languages, and
applications,” ACM Transactions on Information and
System Security, 2012.
[5] “Pax team: Address space layout randomization (aslr),”
http://pax.grsecurity.net/docs/aslr.txt.
[6] C. Giuffrida, A. Kuijsten, and A. S. Tanenbaum, “En-
hanced operating system security through efficient and
fine-grained address space randomization,” in Proceed-
ings of the 21th USENIX Security Symposium, 2012.
[7] M. Backes and S. Nu¨rnberger, “Oxymoron: Making fine-
grained memory randomization practical by allowing
code sharing,” in Proceedings of the 23rd USENIX Secu-
rity Symposium, 2014.
[8] R. Wartell, V. Mohan, K. W. Hamlen, and Z. Lin, “Binary
stirring: Self-randomizing instruction addresses of legacy
x86 binary code,” in Proceedings of the 2012 ACM
conference on Computer and communications security,
2012.
[9] K. Onarlioglu, L. Bilge, A. Lanzi, D. Balzarotti, and
E. Kirda, “G-free: Defeating return-oriented program-
ming through gadget-less binaries,” in Proceedings of the
26th Annual Computer Security Applications Conference,
2010.
[10] H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu,
and D. Boneh, “On the effectiveness of address-space
randomization,” in Proceedings of the 11th ACM Confer-
ence on Computer and Communications Security, 2004.
[11] R. Hund, C. Willems, and T. Holz, “Practical timing side
channel attacks against kernel space aslr,” in Proceedings
of the 2013 IEEE Symposium on Security and Privacy,
2013.
[12] M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti,
“Control-flow integrity,” in Proceedings of the 12th ACM
Conference on Computer and Communications Security,
2005.
[13] C. Zhang, T. Wei, Z. Chen, L. Duan, L. Szekeres,
S. McCamant, D. Song, and W. Zou, “Practical control
flow integrity and randomization for binary executables,”
in Proceedings of the 2013 IEEE Symposium on Security
and Privacy, 2013.
[14] M. Zhang and R. Sekar, “Control flow integrity for
{COTS} binaries,” in Proceedings of the 22rd USENIX
Security Symposium, 2013.
[15] N. Carlini, A. Barresi, M. Payer, D. Wagner, and
T. R. Gross, “Control-flow bending: On the effectiveness
of control-flow integrity,” in Proceedings of the 24th
USENIX Conference on Security Symposium, 2015.
[16] A. J. Mashtizadeh, A. Bittau, D. Boneh, and D. Mazie`res,
“Ccfi: Cryptographically enforced control flow integrity,”
in Proceedings of the 22nd ACM SIGSAC Conference on
Computer and Communications Security, 2015.
[17] V. Mohan, P. Larsen, S. Brunthaler, K. W. Hamlen, and
M. Franz, “Opaque control-flow integrity.” in Proceed-
ings of the 2015 Network and Distributed System Security
Symposium, 2015.
[18] “Armv8.3 pointer authentication,” https://events.static.
linuxfound.org/sites/events/files/slides/slides 23.pdf.
[19] “Pointer authentication on armv8.3,” https:
//www.qualcomm.com/media/documents/files/
whitepaper-pointer-authentication-on-armv8-3.pdf.
[20] H. Liljestrand, T. Nyman, K. Wang, C. C. Perez, J.-
E. Ekberg, and N. Asokan, “{PAC} it up: Towards
pointer integrity using {ARM} pointer authentication,”
in Proceedings of the 28th USENIX Security Symposium,
2019.
[21] H. Liljestrand, T. Nyman, J. Ekberg, and N. Asokan,
“Authenticated call stack,” in Proceedings of the 56th
Annual Design Automation Conference, 2019.
[22] H. Liljestrand, Z. Gauhar, T. Nyman, J. Ekberg, and
N. Asokan, “Protecting the stack with paced canaries,”
in Proceedings of the 4th Workshop on System Software
for Trusted Execution, 2019.
[23] “Pointer authentication on armv8.3,” https:
//www.qualcomm.com/media/documents/files/
whitepaper-pointer-authentication-on-armv8-3.pdf.
[24] “Memory tagging extension: Enhancing memory safety
through architecture,” https://community.arm.com/
developer/ip-products/processors/b/processors-ip-blog/
posts/enhancing-memory-safety.
[25] R. Avanzi, “The qarma block cipher family. almost mds
matrices over rings with zero divisors, nearly symmetric
even-mansour constructions with non-involutory central
14
rounds, and search heuristics for low-latency s-boxes,”
IACR Transactions on Symmetric Cryptology, 2017.
[26] L. Szekeres, M. Payer, T. Wei, and D. Song, “Sok:
Eternal war in memory,” in Proceedings of the 2013 IEEE
Symposium on Security and Privacy, 2013.
[27] B. Belleville, W. Shen, S. Volckaert, A. M. Azab, and
M. Franz, “Kald: Detecting direct pointer disclosure
vulnerabilities,” IEEE Transactions on Dependable and
Secure Computing, 2019.
[28] A. M. Azab, P. Ning, J. Shah, Q. Chen, R. Bhutkar,
G. Ganesh, J. Ma, and W. Shen, “Hypervision across
worlds: Real-time kernel protection from the arm trust-
zone secure world,” in Proceedings of the 2014 ACM
SIGSAC Conference on Computer and Communications
Security, 2014.
[29] A. M. Azab, K. Swidowski, R. Bhutkar, J. Ma, W. Shen,
R. Wang, and P. Ning, “Skee: A lightweight secure
kernel-level execution environment for arm.” in Proceed-
ings of the 2016 Network and Distributed System Security
Symposium, 2016.
[30] “Arm trustzone technology,” https://developer.arm.com/
ip-products/security-ip/trustzone.
[31] T. Zhang, W. Shen, D. Lee, C. Jung, A. M. Azab, and
R. Wang, “Pex: a permission check analysis framework
for linux kernel,” in Proceedings of the 28th USENIX
Security Symposium, 2019.
[32] C. Tice, T. Roeder, P. Collingbourne, S. Checkoway,
U´. Erlingsson, L. Lozano, and G. Pike, “Enforc-
ing forward-edge control-flow integrity in {GCC} &
{LLVM},” in Proceedings of the 23rd USENIX Security
Symposium, 2014.
[33] “Arm pointer authentication,” https://lwn.net/Articles/
718888/.
[34] “Pointer authentication in aarch64 linux,”
https://www.infradead.org/∼mchehab/rst conversion/
arm64/pointer-authentication.html.
[35] “struct ptrauth keys keys user,” https://elixir.bootlin.
com/linux/v5.2.8/source/arch/arm64/include/asm/
processor.h#L148.
[36] “Encoding and decoding function pointers,” http://www.
open-std.org/jtc1/sc22/wg14/www/docs/n1332.pdf.
[37] D. Williams-King, G. Gobieski, K. Williams-King, J. P.
Blake, X. Yuan, P. Colp, M. Zheng, V. P. Kemerlis,
J. Yang, and W. Aiello, “Shuffler: Fast and deployable
continuous code re-randomization,” in Proceedings of the
12th USENIX Symposium on Operating Systems Design
and Implementation, 2016.
[38] C. Cowan, S. Beattie, J. Johansen, and P. Wagle, “Point-
guard: Protecting pointers from buffer overflow vulner-
abilities,” in Proceedings of the 12th USENIX Security
Symposium, 2003.
[39] L. Davi, P. Koeberl, and A.-R. Sadeghi, “Hardware-
assisted fine-grained control-flow integrity: Towards
efficient protection of embedded systems against
software exploitation,” in Proceedings of the 51st
ACM/EDAC/IEEE Design Automation Conference, 2014.
[40] L. Davi, M. Hanreich, D. Paul, A.-R. Sadeghi, P. Koeberl,
D. Sullivan, O. Arias, and Y. Jin, “Hafix: Hardware-
assisted flow integrity extension,” in Proceedings of the
52nd Annual Design Automation Conference, 2015.
[41] P. Qiu, Y. Lyu, D. Zhai, D. Wang, J. Zhang, X. Wang,
and G. Qu, “Physical unclonable functions-based linear
encryption against code reuse attacks,” in Proceedings of
the 53rd ACM/EDAC/IEEE Design Automation Confer-
ence, 2016.
[42] P. Qiu, Y. Lyu, J. Zhang, D. Wang, and G. Qu, “Control
flow integrity based on lightweight encryption architec-
ture,” IEEE Transactions on Computer-Aided Design of
Integrated Circuits and Systems, 2017.
[43] J. Zhang, B. Qi, Z. Qin, and G. Qu, “Hcic: Hardware-
assisted control-flow integrity checking,” IEEE Internet
of Things Journal, 2018.
[44] E. Go¨ktas, E. Athanasopoulos, H. Bos, and G. Portoka-
lidis, “Out of control: Overcoming control-flow integrity,”
in Proceedings of the 2014 IEEE Symposium on Security
and Privacy, 2014.
[45] L. Davi, A.-R. Sadeghi, D. Lehmann, and F. Monrose,
“Stitching the gadgets: On the ineffectiveness of coarse-
grained control-flow integrity protection,” in Proceedings
of the 23rd USENIX Security Symposium, 2014.
[46] V. Pappas, “kbouncer: Efficient and transparent rop mit-
igation,” Apr, 2012.
[47] Y. Cheng, Z. Zhou, Y. Miao, X. Ding, and R. H. Deng,
“Ropecker: A generic and practical approach for defend-
ing against rop attack.” Internet Society, 2014.
[48] Y. Xia, Y. Liu, H. Chen, and B. Zang, “Cfimon: Detecting
violation of control flow integrity using performance
counters,” in Proceedings of IEEE/IFIP International
Conference on Dependable Systems and Networks, 2012.
[49] J. Li, X. Tong, F. Zhang, and J. Ma, “Fine-cfi: fine-
grained control-flow integrity for operating system ker-
nels,” IEEE Transactions on Information Forensics and
Security, 2018.
[50] X. Ge, N. Talele, M. Payer, and T. Jaeger, “Fine-grained
control-flow integrity for kernel software,” in Proceedings
of the 2016 IEEE European Symposium on Security and
Privacy, 2016.
[51] Z. Wang and X. Jiang, “Hypersafe: A lightweight ap-
proach to provide lifetime hypervisor control-flow in-
tegrity,” in Proceedings of the 2010 IEEE Symposium on
Security and Privacy, 2010.
[52] J. Li, Z. Wang, T. Bletsch, D. Srinivasan, M. Grace,
and X. Jiang, “Comprehensive and efficient protection of
kernel control data,” IEEE Transactions on Information
Forensics and Security, 2011.
[53] J. Criswell, N. Dautenhahn, and V. Adve, “Kcofi: Com-
plete control-flow integrity for commodity operating sys-
tem kernels,” in Proceedings of the 2014 IEEE Sympo-
sium on Security and Privacy, 2014.
[54] J. Criswell, A. Lenharth, D. Dhurjati, and V. Adve,
“Secure virtual architecture: A safe execution environ-
ment for commodity operating systems,” ACM SIGOPS
Operating Systems Review, 2007.
15
