Protecting Indirect Branches Against Fault Attacks Using ARM Pointer Authentication

Abstract

With the growing number of embedded devices deployed in safety- and privacy-sensitive applications, such as in the automotive area or in the IoT, the hardening of these systems against attacks is getting essential. As these devices are physically accessible by an adversary, fault attacks are frequently used to hijack the control-flow of the executed program and bypass security defenses such as secure boot, gain arbitrary code execution, or retrieve sensitive information. To protect the control-flow from this threat, control-flow integrity (CFI) aims to be an effective and generic countermeasure. Although CFI aims to mitigate fault induced control-flow hijacking attacks, state-of-the-art CFI schemes do not protect addresses, allowing an attacker to still hijack the control-flow of indirect branches. To counteract this threat and detect unwanted bit flips, data encoding schemes are frequently used to add redundancy to these addresses. However, software-based data encoding schemes yield large runtime overheads, making them hard to deploy on a larger scale. To reduce this performance overhead, related work typically introduces custom CPU changes, which are not feasible for off-the-shelf systems, leaving a broad range of devices unprotected. Hence, software-based address redundancy schemes for commodity devices are needed to thwart fault attacks on indirect branches. In this paper, we utilize the ARM pointer authentication feature of recent ARM architectures to efficiently protect the target addresses of indirect calls. In addition to the address protection, we further enhance the state update function of existing CFI schemes to protect the link between indirect controlflow transfers. To demonstrate how these defense mechanisms improve the protection of state-of-the-art CFI countermeasures, we integrate our address encoding and linking strategy into a previously introduced CFI scheme. We further extend a LLVMbased toolchain to automatically thwart fault attacks on indirect branches without user interaction. Our analysis shows an negligible overhead of less than 2.34% on average for protecting target addresses of indirect branches and the link between indirect branches for SPEC2017.