Return to search

PACTIGHT: Tightly Seal Sensitive Pointers with Pointer Authentication

ARM is becoming more popular in desktops and data centers. This opens a new realm in terms of security attacks against ARM, increasing the importance of having an effective and efficient defense mechanism for ARM. ARM has released Pointer Authentication, a new hardware security feature that is intended to ensure pointer integrity with cryptographic primitives. Recently, it has been found to be vulnerable.

In this thesis, we utilize Pointer Authentication to build a novel scheme to completely prevent any misuse of security-sensitive pointers. We propose PACTight to tightly seal these pointers from attacks targeting Pointer Authentication itself as well as from control-flow hijacks. PACTight utilizes a strong and unique modifier that addresses the current issues with PAC and its implementations. We implement four defenses by fully integrating with the LLVM compiler toolchain. Through a robust and systemic security and performance evaluation, we show that PACTight defenses are more efficient and secure than their counterparts. We evaluated PACTight on 30 different applications, including NGINX web server and using real PAC instructions, with an average performance and memory overhead of 4.28% and 23.2% respectively even when enforcing its strongest defense. As far as we know, PACTight is the first defense mechanism to demonstrate effectiveness and efficiency with real PAC instructions. / M.S. / ARM is slowly but surely establishing itself in the market for desktops and data centers. Intel has been the dominant force for some time but ARM’s entrance into that realm opens up new avenues and possibilities for security attacks against ARM machines. Thus, it is becoming increasingly important to develop an effective and efficient defense mechanism for ARM against possible security threats, particularly against memory corruption vulnerabilities. Memory corruption vulnerabilities are still very prevalent in today’s security realm and have been for the past thirty years. Different hardware vendors have developed a variety of hardware features to combat them and ARM is no different. ARM has released Pointer Authentication, a new hardware security feature that is intended to ensure pointer integrity with cryptographic primitives. Pointer Authentication allows developers to utilize the unused bits of a pointer and add a cryptographic hash that can ensure the pointer hasn’t been tampered with. Pointer Authentication has been utilized in other solutions by security researchers. However, these solutions are either incomplete in their coverage or lack enough randomness for the cryptographic hash. In this thesis we utilize Pointer Authentication to build a novel scheme to completely prevent any misuse of security-sensitive pointers in memory corruption attacks. This thesis presents PACTight to tightly seal these pointers from attacks abusing the limited randomness of the hash as well as control-flow hijack attacks. PACTight implements four defenses by fully integrating with the LLVM compiler toolchain. Through a robust and systemic security and performance evaluation, this thesis show that PACTight defenses are more efficient and secure than their counterparts.

Identiferoai:union.ndltd.org:VTETD/oai:vtechworks.lib.vt.edu:10919/107411
Date02 December 2021
CreatorsIsmail, Mohannad A
ContributorsElectrical and Computer Engineering, Min, Changwoo, Yao, Danfeng, Wang, Haining
PublisherVirginia Tech
Source SetsVirginia Tech Theses and Dissertation
LanguageEnglish
Detected LanguageEnglish
TypeThesis
FormatETD, application/pdf, application/pdf
RightsAttribution-NonCommercial-NoDerivatives 4.0 International, http://creativecommons.org/licenses/by-nc-nd/4.0/

Page generated in 0.0021 seconds