CryptSan: Leveraging ARM Pointer Authentication for Memory Safety in C/C++

TL;DR

CryptSan leverages ARM Pointer Authentication to retrofit memory safety in C/C++ programs, providing a hardware-assisted, efficient, and interoperable solution that protects against common vulnerabilities.

Contribution

It introduces CryptSan, a novel LLVM-based system utilizing ARM Pointer Authentication to enhance memory safety in C/C++, outperforming existing approaches.

Findings

Outperforms similar memory safety approaches in real-world tests.

Protects heap, stack, and globals against vulnerabilities.

Operates efficiently on actual ARM hardware.

Abstract

Memory safety bugs remain in the top ranks of security vulnerabilities, even after decades of research on their detection and prevention. Various mitigations have been proposed for C/C++, ranging from language dialects to instrumentation. Among these, compiler-based instrumentation is particularly promising, not requiring manual code modifications and being able to achieve precise memory safety. Unfortunately, existing compiler-based solutions compromise in many areas, including performance but also usability and memory safety guarantees. New developments in hardware can help improve performance and security of compiler-based memory safety. ARM Pointer Authentication, added in the ARMv8.3 architecture, is intended to enable hardware-assisted Control Flow Integrity (CFI). But since its operations are generic, it also enables other, more comprehensive hardware-supported runtime integrity approaches. As such, we propose CryptSan, a memory safety approach based on ARM Pointer Authentication. CryptSan uses pointer signatures to retrofit memory safety to C/C++ programs, protecting heap, stack, and globals against temporal and spatial vulnerabilities. We present a full LLVM-based prototype implementation, running on an M1 MacBook Pro, i.e., on actual ARMv8.3 hardware. Our prototype evaluation shows that the system outperforms similar approaches under real-world conditions. This, together with its interoperability with uninstrumented libraries and cryptographic protection against attacks on metadata, makes CryptSan a viable solution for retrofitting memory safety to C/C++ programs.