Juhee Kim at Hardwear Netherlands 2024

Juhee Kim



ARM MTE: The End of Memory Corruption? Not Yet






Talk Title:

ARM MTE: The End of Memory Corruption? Not Yet.

Abstract:

The ARM Memory Tagging Extension (MTE) is a new hardware extension in ARMv8.5 that detects memory corruption vulnerabilities. MTE uses hardware memory tags to quickly and easily detect memory vulnerabilities and is expected to harden the security of a wide range of software systems. In this talk, we demonstrate that speculative execution can be used to leak MTE tags. We introduce new MTE tag leakage gadgets, which can infer MTE tag information through the cache and operate effectively on MTE-supported devices such as the Pixel 8.

Leveraging the MTE tag information, attackers can develop reliable memory corruption attacks with a high success rate. We further analyze the root cause of the tag leakage gadgets and propose software- and hardware-based mitigation strategies.


Speaker Bio:

Juhee Kim is a Ph.D. student at CompSec Lab, Seoul National University, advised by Byoungyoung Lee. Her research focuses on both attacks and defenses on software systems, including operating systems, web browsers, and ML systems. Recent studies have centered on security techniques utilizing hardware features, such as ARM's Pointer Authentication Code (PAC) and Memory Tagging Extensions (MTE).