https://arxiv.org/abs/2202.08669

close this message
arXiv smileybones icon

Global Survey

In just 3 minutes, help us better understand how you perceive arXiv.
Take the survey

TAKE SURVEY
Skip to main content
Cornell University
We gratefully acknowledge support from
the Simons Foundation and member institutions.
 
arxiv logo > cs > arXiv:2202.08669
[                    ]

Help | Advanced Search

[All fields        ]
Search
arXiv logo
Cornell University Logo
[                    ] GO
quick links

  * Login
  * Help Pages
  * About

Computer Science > Cryptography and Security

arXiv:2202.08669 (cs)
[Submitted on 17 Feb 2022]

Title:PACSafe: Leveraging ARM Pointer Authentication for Memory
Safety in C/C++

Authors:Konrad Hohentanner, Philipp Zieris, Julian Horsch
Download PDF

    Abstract: Memory safety bugs remain in the top ranks of security
    vulnerabilities, even after decades of research on their
    detection and prevention. Various mitigations have been proposed
    for C/C++, ranging from language dialects to instrumentation.
    Among these, compiler-based instrumentation is particularly
    promising, not requiring manual code modifications and being able
    to achieve precise memory safety. Unfortunately, existing
    compiler-based solutions compromise in many areas, including
    performance but also usability and memory safety guarantees. New
    developments in hardware can help improve performance and
    security of compiler-based memory safety. ARM Pointer
    Authentication, added in the ARMv8.3 architecture, is intended to
    enable hardware-assisted Control Flow Integrity. But since its
    operations are relatively generic, it also enables other, more
    comprehensive hardware-supported runtime integrity approaches. As
    such, we propose PACSafe, a memory safety approach based on ARM
    Pointer Authentication. PACSafe uses pointer signatures to
    retrofit full memory safety to C/C++ programs, protecting heap,
    stack, and globals against temporal and spatial vulnerabilities.
    We present a full, LLVM-based prototype implementation, running
    on an M1 MacBook Pro, i.e., on actual ARMv8.3 hardware. Our
    prototype evaluation shows that the system outperforms similar
    approaches under real-world conditions. This, together with its
    compatibility with uninstrumented libraries and cryptographic
    protection against attacks on metadata, makes PACSafe a viable
    solution for retrofitting memory safety to C/C++ programs.

Subjects: Cryptography and Security (cs.CR); Programming Languages
          (cs.PL); Software Engineering (cs.SE)
Cite as:  arXiv:2202.08669 [cs.CR]
          (or arXiv:2202.08669v1 [cs.CR] for this version)
          https://doi.org/10.48550/arXiv.2202.08669
          Focus to learn more
          arXiv-issued DOI via DataCite

Submission history

From: Julian Horsch [view email]
[v1] Thu, 17 Feb 2022 14:04:01 UTC (369 KB)
Full-text links:

Download:

  * PDF
  * Other formats

(license)
Current browse context:
cs.CR
< prev   |   next >
new | recent | 2202
Change to browse by:
cs
cs.PL
cs.SE

References & Citations

  * NASA ADS
  * Google Scholar
  * Semantic Scholar

a export bibtex citation Loading...

Bibtex formatted citation

x
[loading...          ]
Data provided by:

Bookmark

BibSonomy logo Mendeley logo Reddit logo ScienceWISE logo
(*) Bibliographic Tools

Bibliographic and Citation Tools

[ ] Bibliographic Explorer Toggle
Bibliographic Explorer (What is the Explorer?)
[ ] Litmaps Toggle
Litmaps (What is Litmaps?)
[ ] scite.ai Toggle
scite Smart Citations (What are Smart Citations?)
( ) Code & Data

Code and Data Associated with this Article

[ ] arXiv Links to Code Toggle
arXiv Links to Code & Data (What is Links to Code & Data?)
( ) Related Papers

Recommenders and Search Tools

[ ] Connected Papers Toggle
Connected Papers (What is Connected Papers?)
[ ] Core recommender toggle
CORE Recommender (What is CORE?)
( ) About arXivLabs

arXivLabs: experimental projects with community collaborators

arXivLabs is a framework that allows collaborators to develop and
share new arXiv features directly on our website.

Both individuals and organizations that work with arXivLabs have
embraced and accepted our values of openness, community, excellence,
and user data privacy. arXiv is committed to these values and only
works with partners that adhere to them.

Have an idea for a project that will add value for arXiv's community?
Learn more about arXivLabs and how to get involved.

Which authors of this paper are endorsers? | Disable MathJax (What is
MathJax?)

  * About
  * Help

  * Click here to contact arXiv Contact
  * Click here to subscribe Subscribe

  * Copyright
  * Privacy Policy

  * Web Accessibility Assistance
  * arXiv Operational Status
    Get status notifications via email or slack