DOI: 10.1145/3316781.3322469
research-article

Authenticated Call Stack

Published: 02 June 2019

Abstract

Shadow stacks are the go-to solution for perfect backward-edge control-flow integrity (CFI). Software shadow stacks trade off security for performance. Hardware-assisted shadow stacks are efficient and secure, but expensive to deploy. We present authenticated call stack (ACS), a novel mechanism for precise verification of return addresses using aggregated message authentication codes. We show how ACS can be realized using ARMv8.3-A pointer authentication, a new low-overhead mechanism for protecting pointer integrity. Our solution achieves security comparable to hardware-assisted shadow stacks, while incurring negligible performance overhead (< 0.5%) but requiring no additional hardware support.

    Published In

    DAC '19: Proceedings of the 56th Annual Design Automation Conference 2019
    June 2019
    1378 pages
    ISBN:9781450367257
    DOI:10.1145/3316781

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    DAC '19

    Acceptance Rates

    Overall Acceptance Rate 1,770 of 5,499 submissions, 32%
