PACMAN: Attacking ARM Pointer Authentication with Speculative Execution
نویسندگان
چکیده
Memory corruption vulnerabilities have resulted in numerous exploits and significant damage to computer systems. ARM Pointer Authentication is a memory mitigation that attempts mitigate these issues by cryptographically signing pointers at runtime. We present PACMAN, novel attack methodology can forge correct pointer signatures bypass the protection of without causing any crashes using microarchitectural side channels. PACMAN removes primary barrier conducting control-flow hijacking attacks on platform protected with Authentication. built two proof concept showing works across privilege levels Apple M1 CPU. also released suite open-source tools enable community perform future research Silicon devices.
منابع مشابه
Attacking Authentication Protocols
The past two decades have seen an enormous increase in the development and use of networked and distributed systems, providing increased functionality to the user and more efficient use of resources. To obtain the benefits of such systems parties will cooperate by exchanging messages over the network. The parties may be users, hosts or processes; they are generally referred to as principals in ...
متن کاملSpeculative Execution for Information Agents
Practical deployments of information agents can suffer from sub-optimal performance and scalability for a number of reasons. In the case of web-based information integration, for example, data sources are remote and their latency can have a substantial effect on overall execution performance. Scalability can also be poor, since concurrent queries can cause multiple, simultaneous remote data ret...
متن کاملSpectre Attacks: Exploiting Speculative Execution
Modern processors use branch prediction and speculative execution to maximize performance. For example, if the destination of a branch depends on a memory value that is in the process of being read, CPUs will try guess the destination and attempt to execute ahead. When the memory value finally arrives, the CPU either discards or commits the speculative computation. Speculative logic is unfaithf...
متن کاملData and Control Speculative Execution
Control and data flow speculation can improve processor performance through increased ILP. First it is demonstrated how aggressive speculation on both control decisions and data values can produce parallelism in a simple “sequential” problem. It is then shown through simulation that a speculative architecture can extract parallelism from more complex code examples. Finally a discussion about th...
متن کاملFuture Branches { beyond Speculative Execution
The performance and hardware complexity of superscalar architectures is hindered by conditional branch instructions. When conditional branches are encountered in a program, the instruction fetch unit must rapidly predict the branch predicate and begin speculatively fetching instructions with no loss of instruction throughput. Speculative execution increases hardware cost, since speculative inst...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: IEEE Micro
سال: 2023
ISSN: ['1937-4143', '0272-1732']
DOI: https://doi.org/10.1109/mm.2023.3273189