PAC it up: Towards Pointer Integrity using ARM Pointer Authentication

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

Standard

PAC it up: Towards Pointer Integrity using ARM Pointer Authentication. / Liljestrand, Hans; Nyman, Thomas; Wang, Kui; Chinea Perez, Carlos; Ekberg, Jan-Erik; Asokan, N.

Proceedings of the 28th USENIX Security Symposium, USENIX Security 2019. USENIX Association, 2019.

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

Harvard

Liljestrand, H, Nyman, T, Wang, K, Chinea Perez, C, Ekberg, J-E & Asokan, N 2019, PAC it up: Towards Pointer Integrity using ARM Pointer Authentication. in Proceedings of the 28th USENIX Security Symposium, USENIX Security 2019. USENIX Association.

APA

Liljestrand, H., Nyman, T., Wang, K., Chinea Perez, C., Ekberg, J-E., & Asokan, N. (Accepted/In press). PAC it up: Towards Pointer Integrity using ARM Pointer Authentication. In Proceedings of the 28th USENIX Security Symposium, USENIX Security 2019 USENIX Association.

Vancouver

Liljestrand H, Nyman T, Wang K, Chinea Perez C, Ekberg J-E, Asokan N. PAC it up: Towards Pointer Integrity using ARM Pointer Authentication. In Proceedings of the 28th USENIX Security Symposium, USENIX Security 2019. USENIX Association. 2019

Author

Liljestrand, Hans ; Nyman, Thomas ; Wang, Kui ; Chinea Perez, Carlos ; Ekberg, Jan-Erik ; Asokan, N. / PAC it up: Towards Pointer Integrity using ARM Pointer Authentication. Proceedings of the 28th USENIX Security Symposium, USENIX Security 2019. USENIX Association, 2019.

Bibtex - Download

@inproceedings{0817945f15b84b83a23e4c1c49251bd3,
title = "PAC it up: Towards Pointer Integrity using ARM Pointer Authentication",
abstract = "Run-time attacks against programs written in memory-unsafe programming languages (e.g., C and C++) remain a prominent threat against computer systems. The prevalence of techniques like return-oriented programming (ROP) in attacking real-world systems has prompted major processor manufacturers to design hardware-based countermeasuresagainst specific classes of run-time attacks. An example is the recently added support for pointer authentication (PA) in the ARMv8-A processor architecture, commonly used in devices like smartphones. PA is a low-cost technique to authenticate pointers so as to resist memory vulnerabilities. It has been shown to enable practical protection against memory vulnerabilities that corrupt return addresses or function pointers. However, so far, PA has received very little attention as a general purpose protection mechanism to hardensoftware against various classes of memory attacks.In this paper, we use PA to build novel defenses against various classes of run-time attacks, including the first PA-based mechanism for data pointer integrity. We present PARTS, an instrumentation framework that integrates our PA-based defenses into the LLVM compiler and the GNU/Linux operating system and show, via systematic evaluation, that PARTS provides better protection than current solutions at a reasonable performance overhead.",
author = "Hans Liljestrand and Thomas Nyman and Kui Wang and {Chinea Perez}, Carlos and Jan-Erik Ekberg and N. Asokan",
year = "2019",
month = "1",
day = "19",
language = "English",
booktitle = "Proceedings of the 28th USENIX Security Symposium, USENIX Security 2019",
publisher = "USENIX Association",

}

RIS - Download

TY - GEN

T1 - PAC it up: Towards Pointer Integrity using ARM Pointer Authentication

AU - Liljestrand, Hans

AU - Nyman, Thomas

AU - Wang, Kui

AU - Chinea Perez, Carlos

AU - Ekberg, Jan-Erik

AU - Asokan, N.

PY - 2019/1/19

Y1 - 2019/1/19

N2 - Run-time attacks against programs written in memory-unsafe programming languages (e.g., C and C++) remain a prominent threat against computer systems. The prevalence of techniques like return-oriented programming (ROP) in attacking real-world systems has prompted major processor manufacturers to design hardware-based countermeasuresagainst specific classes of run-time attacks. An example is the recently added support for pointer authentication (PA) in the ARMv8-A processor architecture, commonly used in devices like smartphones. PA is a low-cost technique to authenticate pointers so as to resist memory vulnerabilities. It has been shown to enable practical protection against memory vulnerabilities that corrupt return addresses or function pointers. However, so far, PA has received very little attention as a general purpose protection mechanism to hardensoftware against various classes of memory attacks.In this paper, we use PA to build novel defenses against various classes of run-time attacks, including the first PA-based mechanism for data pointer integrity. We present PARTS, an instrumentation framework that integrates our PA-based defenses into the LLVM compiler and the GNU/Linux operating system and show, via systematic evaluation, that PARTS provides better protection than current solutions at a reasonable performance overhead.

AB - Run-time attacks against programs written in memory-unsafe programming languages (e.g., C and C++) remain a prominent threat against computer systems. The prevalence of techniques like return-oriented programming (ROP) in attacking real-world systems has prompted major processor manufacturers to design hardware-based countermeasuresagainst specific classes of run-time attacks. An example is the recently added support for pointer authentication (PA) in the ARMv8-A processor architecture, commonly used in devices like smartphones. PA is a low-cost technique to authenticate pointers so as to resist memory vulnerabilities. It has been shown to enable practical protection against memory vulnerabilities that corrupt return addresses or function pointers. However, so far, PA has received very little attention as a general purpose protection mechanism to hardensoftware against various classes of memory attacks.In this paper, we use PA to build novel defenses against various classes of run-time attacks, including the first PA-based mechanism for data pointer integrity. We present PARTS, an instrumentation framework that integrates our PA-based defenses into the LLVM compiler and the GNU/Linux operating system and show, via systematic evaluation, that PARTS provides better protection than current solutions at a reasonable performance overhead.

M3 - Conference contribution

BT - Proceedings of the 28th USENIX Security Symposium, USENIX Security 2019

PB - USENIX Association

ER -

ID: 32097242