由于精确分析的缺失和基于软件实现的局限性，现有工作对控制数据缺乏时域上的持续验证和空域上的唯一性保护，导致已部署的保护机制安全性不足；同时缺乏针对非控制数据的细粒度及高效保护，阻碍了内核相关保护机制的大规模部署。另一方面，针对操作系统控制和非控制数据的攻击在理论积累和攻击技术上越发成熟，对实际系统的攻击愈演愈烈，严重威胁操作系统安全性。.针对这些问题，本项目提出基于ARM指针验证（PA）硬件的操作系统内核控制和非控制数据保护。本项目拟研究控制数据在时域和空域上的保护问题，提出控制数据全生命周期保护的概念，使用PA对控制数据的整个赋值链进行保护，并且在空域上使用地址绑定确保其唯一性。本项目同时研究非控制数据的安全性和可用性，提出结构体链式保护技术来保证PA验证的高可用性。基于上述技术，本项目拟构建安全性高、性能开销小的内核保护原型系统，为内核数据防护的大规模商业化部署提供新型技术和实用方案。

Nowadays, due to the lack of precise points-to analysis and dedicated hardware support, existing research works cannot authenticate kernel control data continuously, neither can guarantee its uniqueness. As a result, they are vulnerable to various attacks. Moreover, there are no fine-grained and high-efficient protection solutions for kernel non-control data, major commercial operating systems have not deployed techniques to protect its security. On the contrary, operating system attacking techniques are becoming more mature and sophisticated, and real attacks on operating systems are becoming more and more frequent. Exiting protection schemes cannot defend against these attacks. ..To address this problem, this research project proposes to use dedicated hardware called ARM Pointer Authentication (PA), to protect both control and non-control data for operating system kernels. For control data, this research project comes up with the concept of pointer whole life-cycle protection, in which the whole assignment chain is authenticated. Moreover, this research project also proposes to use address binding to achieve the uniqueness of control data. For the non-control data, this research project investigates the high-efficient solution of using PA to protect data structures. Finally, this research project will build a practical prototype, providing new PA-based techniques for kernel protection.