One Article Review

Source Google ProjectZero
Identifier 8364824
Publication date 2023-08-02 09:30:01 (seen: 2023-08-02 17:05:49)
Title Summary: MTE As Implemented
Text By Mark Brand, Project Zero

In mid-2022, Project Zero was provided with access to pre-production hardware implementing the ARM MTE specification. This blog post series is based on that review, and includes general conclusions about the effectiveness of MTE as implemented, specifically in the context of preventing the exploitation of memory-safety vulnerabilities. Despite its limitations, MTE is still by far the most promising path forward for improving C/C++ software security in 2023. The ability of MTE to detect memory corruption exploitation at the first dangerous access provides a significant improvement in diagnostic and potential security effectiveness. In comparison, most other proposed approaches rely on blocking later stages in the exploitation process, for example various hardware-assisted CFI approaches which aim to block invalid control-flow transfers.

No MTE-based mitigation is going to completely solve the problem of exploitable C/C++ memory safety issues. The unfortunate reality of speculative side-channel attacks is that MTE will not end memory corruption exploitation. However, there are no other practical proposals with a similarly broad impact on exploitability (and exploitation cost) of such a wide range of memory corruption issues which would additionally address this limitation. Furthermore, given the long history of innovation and research in this space, we believe that it is not possible to build a software solution for C/C++ memory safety with comparable coverage to MTE that has less runtime overhead than AddressSanitizer/HWAsan. It's clear that such an overhead is not acceptable for most production workloads.

Products that expect to contain large C/C++ codebases in the long term, who consider the exploitation of memory corruption vulnerabilities to be a key risk for their product security, should actively drive support for ARM's MTE in their products.

For a more detailed analysis, see the following linked blog posts: Implementation Testing - An objective summary of the tests performed, and some basic analysis. If you're interested in implementing a mitigation based on MTE, you should read this document
Sent Yes
Tags Vulnerability
Stories
Notes ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.