Tightly Seal Your Sensitive Pointers with PACTight

Abstract: ARM is becoming more popular in desktops and data centers, opening a new realm in terms of security attacks against ARM. ARM has released Pointer Authentication, a new hardware security feature that is intended to ensure pointer integrity with cryptographic primitives. In this paper, we utilize Pointer Authentication (PA) to build a novel scheme to completely prevent any misuse of security-sensitive pointers. We propose PACTight to tightly seal these pointers. PACTight utilizes a strong and unique modifier that addresses the current issues with the state-of-the-art PA defense mechanisms. We implement four defenses based on the PACTight mechanism. Our security and performance evaluation results show that PACTight defenses are more efficient and secure. Using real PA instructions, we evaluated PACTight on 30 different applications, including NGINX web server, with an average performance overhead of 4.07% even when enforcing our strongest defense. PACTight demonstrates its effectiveness and efficiency with real PA instructions on real hardware.