PTAuth: Temporal Memory Safety via Robust Points-to Authentication

by   Reza Mirzazade Farkhani, et al.

Temporal memory corruptions are commonly exploited software vulnerabilities that can lead to powerful attacks. Despite significant progress made by decades of research on mitigation techniques, existing countermeasures fall short due to either limited coverage or overly high overhead. Furthermore, they require external mechanisms (e.g., spatial memory safety) to protect their metadata. Otherwise, their protection can be bypassed or disabled. To address these limitations, we present robust points-to authentication, a novel runtime scheme for detecting all kinds of temporal memory corruptions. We built a prototype system, called PTAuth, that realizes this scheme on ARM architectures. PTAuth contains a customized compiler for code analysis and instrumentation and a runtime library for performing the points-to authentication as a protected program runs. PTAuth leverages the Pointer Authentication Code (PAC) feature provided by the latest ARM CPUs, which serves as a simple hardware-based encryption primitive. PTAuth uses minimal in-memory metadata and protects its metadata without requiring spatial memory safety. We report our evaluation of PTAuth in terms of security, robustness and performance using 150 vulnerable programs from Juliet test suite and the SPEC CPU2006 benchmarks. PTAuth detects all temporal memory corruptions from all 3 categories, generates zero false alerts, and slows down program execution by 26.0 to be lower on hardware with PAC support).


page 5

page 6


PACSafe: Leveraging ARM Pointer Authentication for Memory Safety in C/C++

Memory safety bugs remain in the top ranks of security vulnerabilities, ...

Practical Byte-Granular Memory Blacklisting using Califorms

Recent rapid strides in memory safety tools and hardware have improved s...

Towards cryptographically-authenticated in-memory data structures

Modern processors include high-performance cryptographic functionalities...

SPAM: Stateless Permutation of Application Memory

In this paper, we propose the Stateless Permutation of Application Memor...

CapablePtrs: Securely Compiling Partial Programs using the Pointers-as-Capabilities Principle

Capability machines such as CHERI provide memory capabilities that can b...

CrypTag: Thwarting Physical and Logical Memory Vulnerabilities using Cryptographically Colored Memory

Memory vulnerabilities are a major threat to many computing systems. To ...

CGuard: Efficient Spatial Safety for C

Spatial safety violations are the root cause of many security attacks an...

Please sign up or login with your details

Forgot password? Click here to reset