Executive Summary
A team from South Korea, Juhee Kim, Youngjoo Lee, Jinbum Park, Taesoo Kim, Sihyeon Ro, Jaeyoung Chung, and Byoungyoung Lee, was able to use tools to break hardware memory protection security features. They could do this 95% of the time in less than 4 seconds.
Google's own team of researchers had not found any issues with the memory protections provided by ARM.
The attack is described in the paper: TIKTAG: Breaking ARM’s Memory Tagging Extension with Speculative Execution
A Brief Background of Tagged Memory Architectures
Memory tagging is a hardware mechanism that attaches additional information to a memory object when it is allocated or freed. Lisp machines (Symbolics, anyone?) used tagged memory for garbage collection; capability-based architectures used it to assign object rights; it has also served error detection/correction, debug support, and other features that work better with hardware support.
A Brief Background of Memory Safety Security Issues
Memory safety bugs have been the bane of software programming ever since programming became a thing. New languages have reduced the incidents, but they are still there.
Memory bugs are the major cause of security bugs; common examples are use-after-free, heap corruption, bad pointer arithmetic, and bad indexing.
ARM Introduces Memory Tagging Extension (MTE)
Arm v9 introduced Arm Memory Tagging Extension (MTE), a hardware implementation of tagged memory.
At a high level, MTE tags each memory allocation/deallocation with additional metadata. It assigns a tag to a memory location, which can then be associated with pointers that reference that memory location. At runtime, the CPU checks that the pointer and the metadata tags match on each load and store. In Android 12 the kernel and userspace heap memory allocator can augment each allocation with metadata. This helps detect use-after-free and buffer-overflow bugs, which are the most common source of memory safety bugs in our codebases.
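To make the tag check described above concrete, here is a small software model of MTE added as an illustration (it is not code from the paper, from Arm, or from Google): the 16-byte granule, 4-bit tag and tag position in pointer bits 56..59 follow the architecture, while the fake heap, offsets and tag values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed software model of MTE, not the hardware: 16-byte granules, one
 * 4-bit allocation tag per granule in a shadow array, and a 4-bit logical tag
 * carried in pointer bits 56..59. Addresses are offsets into a small fake heap. */
#define GRANULE   16
#define HEAP_SIZE 256
#define TAG_SHIFT 56
#define TAG_MASK  ((uint64_t)0xF << TAG_SHIFT)
static uint8_t shadow_tag[HEAP_SIZE / GRANULE];   /* allocation tag per granule */

static uint64_t addr_of(uint64_t p)  { return p & ~TAG_MASK; }
static unsigned ptr_tag(uint64_t p)  { return (unsigned)((p >> TAG_SHIFT) & 0xF); }

/* Set the allocation tag of every granule in [off, off+len) and return a
 * pointer to `off` carrying the matching logical tag (roughly what IRG/STG do). */
static uint64_t tag_region(uint64_t off, uint64_t len, unsigned tag) {
    for (uint64_t g = off / GRANULE; g < (off + len + GRANULE - 1) / GRANULE; g++)
        shadow_tag[g] = (uint8_t)tag;
    return off | ((uint64_t)tag << TAG_SHIFT);
}

/* The check the CPU performs on every load/store: 1 = allowed, 0 = tag fault. */
static int access_ok(uint64_t p) {
    uint64_t a = addr_of(p);
    return a < HEAP_SIZE && ptr_tag(p) == shadow_tag[a / GRANULE];
}

/* Linear overflow: two adjacent 32-byte objects get different tags, so the
 * last in-bounds byte passes and the first byte past the end faults. */
static int demo_overflow_detected(void) {
    uint64_t a = tag_region(0, 32, 0x3);
    tag_region(32, 32, 0x7);
    return access_ok(a + 31) && !access_ok(a + 32);
}

/* Use-after-free: freeing retags the granules, so a stale pointer that still
 * carries the old tag faults on its next access. */
static int demo_uaf_detected(void) {
    uint64_t a = tag_region(64, 32, 0x5);
    tag_region(64, 32, 0x9);
    return !access_ok(a);
}

int main(void) {
    printf("overflow detected: %d\n", demo_overflow_detected());
    printf("use-after-free detected: %d\n", demo_uaf_detected());
    return 0;
}
```

Because the tag is only 4 bits, a pointer with a wrong tag is rejected but a blind guess still matches 1 in 16 times, which is why an oracle that reveals tag check results without a fault undermines the protection.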
Breaking MTE 95% in < 4s
The paper's authors built software tools called TikTag-v1 and TikTag-v2 to break MTE 95% of the time in less than 4 seconds. The targets were the Linux kernel and the Google Chrome browser.
The authors decided to attack the MTE system by exploiting speculative instruction executions. Google claimed that MTE could not be exploited; the authors begged to differ.
When TikTag gadgets are speculatively executed, the cache state differs depending on whether they trigger a tag check fault or not. Therefore, by observing the cache states, it is possible to leak the tag check results without raising any exceptions. The gadgets were effective on both the Pixel 8 and Pixel 8 Pro, the first officially MTE-enabled hardware. The code is available on GitHub.