Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution

Juhee Kim, Jinbum Park, Sihyeon Roh, Jaeyoung Chung, Youngjoo Lee, Taesoo Kim, Byoungyoung Lee

TL;DR

This work shows that ARM MTE, while offering strong protection against memory corruption, can be undermined by speculative execution through TikTag gadgets that leak MTE tags from arbitrary memory. It introduces two gadgets, TikTag-v1 and TikTag-v2, each exploiting distinct micro-architectural behaviors to reveal tags and bypass MTE mitigations in Chrome and the Linux kernel, achieving high success rates and practical attack times. The authors provide a detailed analysis of the root causes, validate attacks across real-world surfaces, and propose mitigation strategies including speculation barriers, padding, and hardware-enforced isolation of tag checks from speculative paths. The findings highlight critical considerations for both the design of MTE-enabled hardware and the deployment of MTE-based defenses in production systems, and they contribute open-source gadget implementations to aid ongoing security research.

Abstract

ARM Memory Tagging Extension (MTE) is a new hardware feature introduced in ARMv8.5-A architecture, aiming to detect memory corruption vulnerabilities. The low overhead of MTE makes it an attractive solution to mitigate memory corruption attacks in modern software systems and is considered the most promising path forward for improving C/C++ software security. This paper explores the potential security risks posed by speculative execution attacks against MTE. Specifically, this paper identifies new TikTag gadgets capable of leaking the MTE tags from arbitrary memory addresses through speculative execution. With TikTag gadgets, attackers can bypass the probabilistic defense of MTE, increasing the attack success rate by close to 100%. We demonstrate that TikTag gadgets can be used to bypass MTE-based mitigations in real-world systems, Google Chrome and the Linux kernel. Experimental results show that TikTag gadgets can successfully leak an MTE tag with a success rate higher than 95% in less than 4 seconds. We further propose new defense mechanisms to mitigate the security risks posed by TikTag gadgets.

TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution

TL;DR

This work shows that ARM MTE, while offering strong protection against memory corruption, can be undermined by speculative execution through TikTag gadgets that leak MTE tags from arbitrary memory. It introduces two gadgets, TikTag-v1 and TikTag-v2, each exploiting distinct micro-architectural behaviors to reveal tags and bypass MTE mitigations in Chrome and the Linux kernel, achieving high success rates and practical attack times. The authors provide a detailed analysis of the root causes, validate attacks across real-world surfaces, and propose mitigation strategies including speculation barriers, padding, and hardware-enforced isolation of tag checks from speculative paths. The findings highlight critical considerations for both the design of MTE-enabled hardware and the deployment of MTE-based defenses in production systems, and they contribute open-source gadget implementations to aid ongoing security research.

Abstract

ARM Memory Tagging Extension (MTE) is a new hardware feature introduced in ARMv8.5-A architecture, aiming to detect memory corruption vulnerabilities. The low overhead of MTE makes it an attractive solution to mitigate memory corruption attacks in modern software systems and is considered the most promising path forward for improving C/C++ software security. This paper explores the potential security risks posed by speculative execution attacks against MTE. Specifically, this paper identifies new TikTag gadgets capable of leaking the MTE tags from arbitrary memory addresses through speculative execution. With TikTag gadgets, attackers can bypass the probabilistic defense of MTE, increasing the attack success rate by close to 100%. We demonstrate that TikTag gadgets can be used to bypass MTE-based mitigations in real-world systems, Google Chrome and the Linux kernel. Experimental results show that TikTag gadgets can successfully leak an MTE tag with a success rate higher than 95% in less than 4 seconds. We further propose new defense mechanisms to mitigate the security risks posed by TikTag gadgets.
Paper Structure (32 sections, 16 figures, 4 tables)

This paper contains 32 sections, 16 figures, 4 tables.

Table of Contents

  1. Introduction
  2. Background
  3. Memory Tagging Extension
  4. Speculative Execution Attack
  5. Threat Model
  6. Finding Tag Leakage Gadgets
  7. Tag Leakage Template
  8. Tag Leakage Fuzzing
  9. TikTag Gadgets
  10. TikTag-v1: Exploiting Speculation Shrinkage
  11. TikTag-v2: Exploiting Store-to-Load Forwarding
  12. Real-World Attacks
  13. Attacking Chrome Browser
  14. Threat Model
  15. Constructing TikTag Gadget
  16. ...and 17 more sections

Figures (16)

  • Figure 1: An MTE tag leakage template
  • Figure 2: TikTag-v1 gadget
  • Figure 3: Cache hit rate of [0.5]test_ptr after executing TikTag-v1. X-axis shows the length of [0.5]GAP and Y-axis shows the cache hit rate.
  • Figure 4: TikTag-v1 ablation study. [0.5]SE: Speculative Execution, [0.5]DP: Data Prefetch. [0.5]m1 and [0.5]m2 are memory addresses for [0.5]cond_ptr and [0.5]target_addr, respectively. [0.5]m3 and [0.5]m4 are memory address for [0.5]test_ptr. The tests were conducted with [0.5]LEN(CHECK)=2 and [0.5]TEST=INDEP_LD
  • Figure 5: TikTag-v1 gadget variants
  • ...and 11 more figures