MID-020: Pointer Authentication
Mitigation Tier: Intermediate
Description
Pointer authentication is a hardware security feature added to some recent processor designs (e.g., ARMv8.3) that attaches authentication codes to designated pointer values in memory. When the pointer is used, for example as a function pointer that execution jumps to, its value is checked against the authentication code to ensure it has not been tampered with by a threat actor attempting return-oriented programming or another form of control flow hijack. Pointer authentication requires support from the hardware, the OS, and the compiler.
Pointer authentication features can be used to implement a MID-007 - Control Flow Integrity scheme, with the advantage that hardware support should reduce the performance overhead typically associated with software-based CFI implementations.
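The sign-then-authenticate flow described above, as a software model in C. This is an added example, not code from the original page or from any vendor; the 48-bit address split, the mixer standing in for the hardware's keyed MAC, the use of a stack pointer value as the context modifier, and all key and address values are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#define VA_BITS 48                        /* assumed address width in this model */
#define VA_MASK ((1ULL << VA_BITS) - 1)   /* low bits: address, high bits: auth code */

/* Toy keyed mixer (splitmix64 finalizer), a stand-in for the hardware's MAC. */
static uint64_t mix(uint64_t x) {
    x = (x ^ (x >> 30)) * 0xbf58476d1ce4e5b9ULL;
    x = (x ^ (x >> 27)) * 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* Auth code over (address, context modifier) under a secret key. */
static uint64_t pac_bits(uint64_t addr, uint64_t modifier, uint64_t key) {
    return mix(mix(addr ^ key) ^ modifier) & ~VA_MASK;
}

/* Sign: place the auth code in the unused upper bits of the pointer. */
uint64_t pac_sign(uint64_t ptr, uint64_t modifier, uint64_t key) {
    uint64_t addr = ptr & VA_MASK;
    return addr | pac_bits(addr, modifier, key);
}

/* Authenticate before use: 1 and the stripped address on success, else 0. */
int pac_auth(uint64_t signed_ptr, uint64_t modifier, uint64_t key, uint64_t *out) {
    uint64_t addr = signed_ptr & VA_MASK;
    if ((signed_ptr & ~VA_MASK) != pac_bits(addr, modifier, key)) return 0;
    *out = addr;
    return 1;
}

/* Count substituted addresses that pass when one valid auth code is reused. */
unsigned forged_accepts(uint64_t signed_ptr, uint64_t modifier, uint64_t key, unsigned tries) {
    unsigned hits = 0;
    uint64_t out;
    for (unsigned i = 1; i <= tries; i++) {
        uint64_t forged = (signed_ptr & ~VA_MASK) | ((signed_ptr + 16ULL * i) & VA_MASK);
        hits += (unsigned)pac_auth(forged, modifier, key, &out);
    }
    return hits;
}

int main(void) {
    const uint64_t key = 0x0123456789abcdefULL, sp = 0x00007ffd00001000ULL; /* constructed key, modifier */
    uint64_t out = 0, s = pac_sign(0x00007f12345678c0ULL, sp, key);  /* constructed return address */
    printf("valid auth: %d\n", pac_auth(s, sp, key, &out));
    printf("forged accepted: %u of 4096\n", forged_accepts(s, sp, key, 4096));
    return 0;
}
```

With 16 auth-code bits in this model, a substituted address passes only when its code happens to collide with the reused one, which is why the forged count stays at or near zero.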
IEC 62443 4-2 Mappings
- SAR / EDR / HDR / NDR 3.2 - Protection for malicious code