Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Operating Systems
Android & WearOS
Adopting the Arm Memory Tagging Extension in Android
Message
<blockquote data-quote="silversurfer" data-source="post: 827853" data-attributes="member: 26718"><p><span style="font-size: 12px">Posted by Kostya Serebryany, Google Core Systems, and Sudhi Herle, Android Security & Privacy Team </span></p><p></p><p>As part of our continuous commitment to improve the security of the Android ecosystem, we are partnering with Arm to design the <a href="https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/arm-a-profile-architecture-2018-developments-armv85a" target="_blank">memory tagging extension</a> (MTE). <a href="https://en.wikipedia.org/wiki/Memory_safety" target="_blank">Memory safety bugs</a>, common in C and C++, remain one of the largest vulnerabilities in the Android platform and although there have been previous <a href="https://security.googleblog.com/2019/05/queue-hardening-enhancements.html" target="_blank">hardening efforts</a>, memory safety bugs comprised more than half of the high priority security bugs in Android 9. Additionally, memory safety bugs manifest as hard to diagnose reliability problems, including sporadic crashes or silent data corruption. This reduces user satisfaction and <a href="https://www.nist.gov/sites/default/files/documents/director/planning/report02-3.pdf" target="_blank">increases the cost of software development</a>. Software testing tools, such as <a href="https://source.android.com/devices/tech/debug/asan" target="_blank">ASAN</a> and <a href="https://source.android.com/devices/tech/debug/hwasan" target="_blank">HWASAN</a> help, but their applicability on current hardware is limited due to noticeable overheads.</p><p></p><p>MTE, a hardware feature, aims to further mitigate these memory safety bugs by enabling us to detect them with low overhead. It has two execution modes:</p><ul> <li data-xf-list-type="ul"><strong>Precise mode</strong>: Provides more detailed information about the memory violation</li> <li data-xf-list-type="ul"><strong>Imprecise mode</strong>: Has lower CPU overhead and is more suitable to be always-on.</li> </ul><p>Arm recently published a <a href="https://developer.arm.com/architectures/cpu-architecture/a-profile#mte" target="_blank">whitepaper on MTE</a> and has added documentation to the Arm v8.5 <a href="https://developer.arm.com/docs/ddi0487/latest" target="_blank">Architecture Reference Manual</a>.</p><p></p><p>We envision several different usage modes for MTE.</p><ul> <li data-xf-list-type="ul">MTE provides a version of <a href="https://source.android.com/devices/tech/debug/asan" target="_blank">ASAN</a>/<a href="https://source.android.com/devices/tech/debug/hwasan" target="_blank">HWASAN</a> that is easier to use for testing and fuzzing in laboratory environments. It will find more bugs in a fraction of the time and at a lower cost, reducing the complexity of the development process. In many cases, MTE will allow testing memory safety using the same binary as shipped to production. The bug reports produced by MTE will be as detailed and actionable as those from ASAN and HWASAN.</li> <li data-xf-list-type="ul">MTE will be used as a mechanism for testing complex software scenarios in production. App Developers and OEMs will be able to selectively turn on MTE for parts of the software stack. Where users have provided consent, bug reports will be available to developers via familiar mechanisms like <a href="https://developer.android.com/topic/performance/vitals/crash" target="_blank">Google Play Console</a>.</li> <li data-xf-list-type="ul">MTE can be used as a strong security mitigation in the Android System and applications for many classes of memory safety bugs. For most instances of such vulnerabilities, a probabilistic mitigation based on MTE could prevent exploitation with a higher than 90% chance of detecting each invalid memory access. By implementing these protections and ensuring that attackers can't make repeated attempts to exploit security-critical components, we can significantly reduce the risk to users posed by memory safety issues.</li> </ul><p></p><p>Read more below:</p><p>[URL unfurl="true"]https://security.googleblog.com/2019/08/adopting-arm-memory-tagging-extension.html[/URL]</p></blockquote><p></p>
[QUOTE="silversurfer, post: 827853, member: 26718"] [SIZE=3]Posted by Kostya Serebryany, Google Core Systems, and Sudhi Herle, Android Security & Privacy Team [/SIZE] As part of our continuous commitment to improve the security of the Android ecosystem, we are partnering with Arm to design the [URL='https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/arm-a-profile-architecture-2018-developments-armv85a']memory tagging extension[/URL] (MTE). [URL='https://en.wikipedia.org/wiki/Memory_safety']Memory safety bugs[/URL], common in C and C++, remain one of the largest vulnerabilities in the Android platform and although there have been previous [URL='https://security.googleblog.com/2019/05/queue-hardening-enhancements.html']hardening efforts[/URL], memory safety bugs comprised more than half of the high priority security bugs in Android 9. Additionally, memory safety bugs manifest as hard to diagnose reliability problems, including sporadic crashes or silent data corruption. This reduces user satisfaction and [URL='https://www.nist.gov/sites/default/files/documents/director/planning/report02-3.pdf']increases the cost of software development[/URL]. Software testing tools, such as [URL='https://source.android.com/devices/tech/debug/asan']ASAN[/URL] and [URL='https://source.android.com/devices/tech/debug/hwasan']HWASAN[/URL] help, but their applicability on current hardware is limited due to noticeable overheads. MTE, a hardware feature, aims to further mitigate these memory safety bugs by enabling us to detect them with low overhead. It has two execution modes: [LIST] [*][B]Precise mode[/B]: Provides more detailed information about the memory violation [*][B]Imprecise mode[/B]: Has lower CPU overhead and is more suitable to be always-on. [/LIST] Arm recently published a [URL='https://developer.arm.com/architectures/cpu-architecture/a-profile#mte']whitepaper on MTE[/URL] and has added documentation to the Arm v8.5 [URL='https://developer.arm.com/docs/ddi0487/latest']Architecture Reference Manual[/URL]. We envision several different usage modes for MTE. [LIST] [*]MTE provides a version of [URL='https://source.android.com/devices/tech/debug/asan']ASAN[/URL]/[URL='https://source.android.com/devices/tech/debug/hwasan']HWASAN[/URL] that is easier to use for testing and fuzzing in laboratory environments. It will find more bugs in a fraction of the time and at a lower cost, reducing the complexity of the development process. In many cases, MTE will allow testing memory safety using the same binary as shipped to production. The bug reports produced by MTE will be as detailed and actionable as those from ASAN and HWASAN. [*]MTE will be used as a mechanism for testing complex software scenarios in production. App Developers and OEMs will be able to selectively turn on MTE for parts of the software stack. Where users have provided consent, bug reports will be available to developers via familiar mechanisms like [URL='https://developer.android.com/topic/performance/vitals/crash']Google Play Console[/URL]. [*]MTE can be used as a strong security mitigation in the Android System and applications for many classes of memory safety bugs. For most instances of such vulnerabilities, a probabilistic mitigation based on MTE could prevent exploitation with a higher than 90% chance of detecting each invalid memory access. By implementing these protections and ensuring that attackers can't make repeated attempts to exploit security-critical components, we can significantly reduce the risk to users posed by memory safety issues. [/LIST] Read more below: [URL unfurl="true"]https://security.googleblog.com/2019/08/adopting-arm-memory-tagging-extension.html[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
