KERNEL SENSITIVE DATA INTEGRITY PROTECTION METHOD BASED ON ARM POINTER AUTHENTICATION

摘要

A kernel sensitive data integrity protection method based on ARM pointer authentication, to provide integrity protection for sensitive data specified by a user in an operating system kernel by using a universal pointer authentication code. The method comprises the following steps: (1) positioning all reading and writing for sensitive data in an operating system kernel code by means of a points-to analysis technology; (2) inserting a pointer authentication instruction such that a pointer authentication code is generated and written before writing the sensitive data to a memory, and the pointer authentication code is checked after reading the sensitive data from the memory; and (3) modifying a kernel start code of an operating system, initializing pointer authentication characteristics at the early stage of start, and then initializing the pointer authentication code of global sensitive data. This method efficiently protects the integrity of the sensitive data of the operating system kernel by using a pointer authentication technology.