A newly discovered speculative execution attack, dubbed “TIKTAG,” has been found to target ARM’s Memory Tagging Extension (MTE), boasting over a 95% success rate. This sophisticated technique allows hackers to bypass MTE’s security measures.
The attack was detailed in a paper co-authored by researchers from Samsung, Seoul National University, and the Georgia Institute of Technology. Their findings demonstrate the TIKTAG attack’s effectiveness against Google Chrome and the Linux kernel.
Tag leak diagram
Source: arxiv.org
What is ARM’s Memory Tagging Extension (MTE)?
MTE is a security feature introduced in ARM’s v8.5-A architecture and later versions, aimed at detecting and preventing memory corruption. It assigns 4-bit tags to 16-byte memory chunks, ensuring that the tag in the pointer matches the accessed memory region. MTE operates in three modes: synchronous, asynchronous, and asymmetric, balancing security and performance.
How Does TIKTAG Work?
The researchers identified two primary exploits, TIKTAG-v1 and TIKTAG-v2, which leverage speculative execution to leak MTE memory tags.
- TIKTAG-v1 exploits speculative execution by manipulating branch prediction and data prefetching behaviors. It is particularly effective against the Linux kernel, especially in functions that involve speculative memory accesses. The attack requires some manipulation of kernel pointers, utilizing system calls to trigger the speculative execution path and measure cache states to infer memory tags.
- TIKTAG-v2 targets the store-to-load forwarding behavior in speculative execution. It uses a sequence where a value is stored to a memory address and immediately loaded from the same address. If the tags match, the value is forwarded, influencing the cache state. If not, the forwarding is blocked, and the cache state remains unchanged. By analyzing the cache state after speculative execution, the tag check result can be inferred.
The researchers demonstrated TIKTAG-v2’s effectiveness against Google Chrome, particularly the V8 JavaScript engine, highlighting potential vulnerabilities in the renderer process due to MTE bypass.
Implications and Industry Response
Leaking MTE tags does not directly expose sensitive data such as passwords or encryption keys. However, it can weaken the overall security provided by MTE, making systems more vulnerable to memory corruption attacks.
The findings were reported to the affected entities between November and December 2023. While the responses were generally positive, no immediate fixes have been implemented. ARM acknowledged the seriousness of the issue but did not consider it a breach of the architectural principles, as allocation tags are not expected to be secret.
Chrome’s security team recognized the vulnerabilities but opted not to address them, stating that the V8 sandbox does not guarantee the confidentiality of memory data and MTE tags. Moreover, MTE-based defenses are not enabled by default in the Chrome browser, making it a lower priority for immediate fixes.
The MTE oracles in the Pixel 8 device were reported to the Android security team in April 2024, and were acknowledged as a hardware flaw qualifying for a bounty reward.
Proposed Mitigations
The researchers suggest several mitigations to counter TIKTAG attacks:
- Modify hardware design to prevent speculative execution from altering cache states based on tag check results.
- Insert speculation barriers (e.g., sb or isb instructions) to block speculative execution of critical memory operations.
- Add padding instructions to extend the execution window between branch instructions and memory accesses.
- Enhance sandboxing mechanisms to strictly confine speculative memory access paths within safe memory regions.
While these mitigations may help, the effectiveness of TIKTAG highlights the ongoing challenges in securing modern computing systems against sophisticated speculative execution attacks.
Found this news interesting? Follow us on Twitter and Telegram to read more exclusive content we post.
