Arm Community
Arm Community
  • Site
  • User
  • Site
  • Search
  • User
  • Groups
    • Arm Research
    • DesignStart
    • Education Hub
    • Graphics and Gaming
    • High Performance Computing
    • Innovation
    • Multimedia
    • Open Source Software and Platforms
    • Physical
    • Processors
    • Security
    • System
    • Software Tools
    • TrustZone for Armv8-M
    • 中文社区
  • Blog
    • Announcements
    • Artificial Intelligence
    • Automotive
    • Healthcare
    • HPC
    • Infrastructure
    • Innovation
    • Internet of Things
    • Machine Learning
    • Mobile
    • Smart Homes
    • Wearables
  • Forums
    • All developer forums
    • IP Product forums
    • Tool & Software forums
  • Support
    • Open a support case
    • Documentation
    • Downloads
    • Training
    • Arm Approved program
    • Arm Design Reviews
  • Community Help
  • More
  • Cancel
Processors
  • Developer Community
  • IP Products
  • Processors
  • Jump...
  • Cancel
Processors
Processors blog Memory Tagging Extension: Enhancing memory safety through architecture
  • Blogs
  • Leaderboard
  • Forums
  • Videos & Files
  • Mentions
  • Sub-Groups
  • Tags
  • Jump...
  • Cancel
  • New
More blogs in Processors
  • DesignStart blog

  • Machine Learning IP blog

  • Processors blog

  • TrustZone for Armv8-M blog

Tell us what you think
Tags
  • White Paper
  • Security
  • A-profile
  • Memory Architecture
Actions
  • RSS
  • More
  • Cancel
Related blog posts
Related forum threads

Memory Tagging Extension: Enhancing memory safety through architecture

Steve Bannister
Steve Bannister
August 5, 2019

Memory safety has been a major source of security vulnerabilities for decades. Today, software vendors report that vulnerabilities due to violations of memory safety account for most of the security issues in their products. This is supported by the research. According to a 2019 BlueHat presentation, 70 percent of all security issues addressed in Microsoft products are caused by violations of memory safety. Similar figures have been reported by Google for Android where over 75 percent of vulnerabilities are violations of memory safety.

There are several software mitigation techniques targeting memory safety, such as ASan and HWSAN. However, these can be costly in terms of both performance and battery life, making them unsuitable for widespread deployment. Arm’s Armv8.5-A Memory Tagging Extension (MTE) addresses these challenges, bringing a performant and scalable hardware solution that reduces the exploitability of memory safety violations that might be present in code written in unsafe languages.

The Google announcement

Only recently, Google announced that it is adopting Arm’s MTE in Android. This is exciting news, with Google showing its continued commitment to security in the Android ecosystem. It also shows the strength of our MTE offering, with the article stating that the technology makes “it very hard (if not impossible) to exploit memory bugs.” Alongside the security benefits, the disruption caused by not addressing memory safety bugs reduces user satisfaction and increases the cost of software development. With all these threats to the Android Ecosystem, you can understand why Google has made the commitment to MTE!

Memory safety violations

There are two main types of memory safety violations: spatial and temporal safety. MTE provides the mechanism to detect both types in production code with no instrumentation.

Spatial safety is violated when an object is accessed outside of its true bounds. For example, when data is written beyond the buffer or other object. This may be exploited to alter the target address of a function pointer, saved register, or similar.

Temporal safety is violated when a reference to an object is used after it has expired typically after the object’s memory has been freed – exploiting an existing “use after free” bug. Using knowledge of the allocator, an attacker can place a new and malicious object in place of the expected version. Any functions called on that object result in control of the program flow being given to the attacker. This can also form the basis of several types of attacks.

 Armv8.5-A Memory Tagging Extension diagram

How MTE helps

MTE is beneficial to security because it locates memory safety vulnerabilities before and after deployment. It is designed to quickly detect memory safety violations and provide robustness against the attacks that are attempting to subvert code. MTE implements a lock and key access to memory. If the key matches, then the lock memory access is permitted; otherwise access can be recorded or faulted. In this way, hard-to-catch memory safety errors can be detected more easily, which also aids general debugging.

Locating and fixing vulnerabilities before deployment reduces the attack surface of deployed code, with MTE increasing the effectiveness of the testing and fuzzing. Detecting vulnerabilities at scale after deployment supports reactively fixing vulnerabilities before they are widely exploited, with MTE assisting with this detection.

Deploying MTE at Scale

MTE is very flexible and can be deployed in different configurations at various stages of product development and deployment. MTE’s flexibility at scale allows trade-offs between lowest overhead and most accuracy in reporting. The ability to change configurations dynamically means that in the field accurate information about the location of an access failure can be relayed back to its developers by bug reporting and telemetry systems.

Information on MTE

A newly published white paper on Armv8.5-A Memory Tagging Extension provides an excellent introduction to MTE and how it tackles the challenge of memory safety for security. It also explains how MTE can be optimized and describes how to deploy the technology in hardware and software, as well as at scale. The white paper and other supporting materials on Arm Developer, such as open source support for MTE, contain loads of interesting insights and information to help partners enhance memory safety for security.

Read the white paper

Anonymous
Processors blog
  • Learning from Tweeten: Porting Electron Apps to Native Arm64 for Windows on Arm

    Ben Clark
    Ben Clark
    This blog explores how Tweeten, a free popular Twitter app, was deployed on Windows on Arm devices through Electon on Native Arm64.
    • January 25, 2021
  • Learning from StaffPad: How to deploy apps with the Universal Windows Platform

    Ben Clark
    Ben Clark
    This blog explores how StaffPad, a music notation app, was deployed on Windows on Arm devices through the Universal Windows Platform.
    • January 18, 2021
  • Time to get excited about the growing Windows on Arm Ecosystem

    Rahoul Varma
    Rahoul Varma
    This blog highlights the latest developments with the growing Windows on Arm ecosystem.
    • November 30, 2020