PAC it up: Towards Pointer Integrity using ARM Pointer Authentication

Authors: 

Hans Liljestrand, Aalto University, Huawei Technologies Oy; Thomas Nyman, Aalto University; Kui Wang, Huawei Technologies Oy, Tampere University of Technology; Carlos Chinea Perez, Huawei Technologies Oy; Jan-Erik Ekberg, Huawei Technologies Oy, Aalto University; N. Asokan, Aalto University

Abstract: 

Run-time attacks against programs written in memory-unsafe programming languages (e.g., C and C++) remain a prominent threat against computer systems. The prevalence of techniques like return-oriented programming (ROP) in attacking real-world systems has prompted major processor manufacturers to design hardware-based countermeasures against specific classes of run-time attacks. An example is the recently added support for pointer authentication (PA) in the ARMv8-A processor architecture, commonly used in devices like smartphones. PA is a low-cost technique to authenticate pointers so as to resist memory vulnerabilities. It has been shown to enable practical protection against memory vulnerabilities that corrupt return addresses or function pointers. However, so far, PA has received very little attention as a general purpose protection mechanism to harden software against various classes of memory attacks. In this paper, we use PA to build novel defenses against various classes of run-time attacks, including the first PA-based mechanism for data pointer integrity. We present PARTS, an instrumentation framework that integrates our PA-based defenses into the LLVM compiler and the GNU/Linux operating system and show, via systematic evaluation, that PARTS provides better protection than current solutions at a reasonable performance overhead.

USENIX Security '19 Open Access Videos Sponsored by
King Abdullah University of Science and Technology (KAUST)

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {235471,
author = {Hans Liljestrand and Thomas Nyman and Kui Wang and Carlos Chinea Perez and Jan-Erik Ekberg and N. Asokan},
title = {{PAC} it up: Towards Pointer Integrity using {ARM} Pointer Authentication},
booktitle = {28th USENIX Security Symposium (USENIX Security 19)},
year = {2019},
isbn = {978-1-939133-06-9},
address = {Santa Clara, CA},
pages = {177--194},
url = {https://www.usenix.org/conference/usenixsecurity19/presentation/liljestrand},
publisher = {USENIX Association},
month = aug
}

Presentation Video