HIVE: A Hardware-assisted Isolated Execution Environment for eBPF on AArch64

eBPF has become a critical component in Linux. To ensure kernel security, BPF programs are statically verified before being loaded and executed in the kernel. However, the state-of-the-art eBPF verifier has both security and complexity issues. To this end, we choose to look at BPF programs from a new perspective and regard them as a new type of kernel-mode application, thus an isolation-based rather than a verificationbased approach is needed. In this paper, we propose HIVE, an isolation execution environment for BPF programs on AArch64. To provide the equivalent security guarantees, we systematize the security aims of the eBPF verifier and categorize two types of pointers in eBPF: the inclusive type pointer that points to BPF objects and the exclusive type pointer that points to kernel objects. For the former, HIVE compartmentalizes all BPF memory from the kernel and de-privileges the memory accesses in the BPF programs by leveraging the load/store unprivileged instructions; for the latter, HIVE utilizes the pointer authentication feature to enforce access controls of kernel objects. Evaluation results show that HIVE is not only efficient but also supports complex BPF programs.