🤖 AI Summary
This work addresses transient execution attacks (e.g., Spectre) and control-flow hijacking on ARM64 platforms by proposing a compiler-level defense that ties speculative execution semantics to control-flow dependencies. The approach combines ARM64's Pointer Authentication (PA) and Branch Target Identification (BTI) hardware features and introduces two techniques, modifier fusion and carrier register reuse, to keep the cost of the added checks low. The design provides strong control-flow integrity while substantially reducing performance overhead: evaluation shows an average overhead of only 3.85% on SPEC CPU2017, with real-world applications exhibiting overheads ranging from 2.97% to 7.80%.
📝 Abstract
We present Janus, a compiler-based security framework that mitigates transient execution attacks like Spectre and control-flow hijacking on ARM64 platforms. Janus integrates speculative execution and control-flow dependencies with PA modifiers, using the PA and BTI microarchitectural features to prevent control-flow speculation attacks and to secure both control flow and speculative execution through existing control-flow integrity mechanisms. To optimize performance, Janus minimizes overhead by merging defense operations across different defense layers (modifier fusion) and reusing the registers of protected variables (carrier reuse), while maintaining strong security guarantees. Evaluation on SPEC CPU2017 shows an average performance overhead of 3.85%, with real-world applications exhibiting overheads ranging from 2.97% to 7.80%. Janus offers effective speculative execution security with low performance and code size overhead, making it a robust solution for ARM-based systems.