InversOS: Efficient Control-Flow Protection for AArch64 Applications with Privilege Inversion. (arXiv:2304.08717v1 [cs.CR])

With the increasing popularity of AArch64 processors in general-purpose
computing, securing software running on AArch64 systems against control-flow
hijacking attacks has become a critical part toward secure computation. Shadow
stacks keep shadow copies of function return addresses and, when protected from
illegal modifications and coupled with forward-edge control-flow integrity,
form an effective and proven defense against such attacks. However, AArch64
lacks native support for write-protected shadow stacks, while software
alternatives either incur prohibitive performance overhead or provide weak
security guarantees. …

addresses applications attacks computation computing control critical defense edge flow forward function general hardware hijacking integrity performance privilege processors protection return secure computation security shadow software stacks support systems