PACMAN
Joseph Ravichandran, Weon Taek Na, Jay Lang, Mengjia Yan
Abstract
This paper studies the synergies between memory corruption vulnerabilities and speculative execution vulnerabilities. We leverage speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity. We present PACMAN, a novel attack methodology that speculatively leaks PAC verification results via micro-architectural side channels without causing any crashes. Our attack removes the primary barrier to conducting control-flow hijacking attacks on a platform protected using Pointer Authentication.
Topics & Concepts
Computer sciencePointer (user interface)Computer securityLeverage (statistics)Memory safetyPasswordEmbedded systemOperating systemComputer hardwareCompilerMachine learningSecurity and Verification in ComputingDistributed systems and fault toleranceAdvanced Malware Detection Techniques