Protecting the stack with PACed canaries
This paper addresses security weaknesses in memory corruption defenses for systems using ARM architectures, though the contribution is incremental, as it builds on existing pointer authentication technology.
The paper tackles the vulnerability of stack canaries to memory disclosure and brute-forcing attacks by proposing PCan, a new approach using ARMv8.3-A pointer authentication to generate dynamic canaries, resulting in more fine-grained protection with minimal performance overhead.
Stack canaries remain a widely deployed defense against memory corruption attacks. Despite their practical usefulness, canaries are vulnerable to memory disclosure and brute-forcing attacks. We propose PCan, a new approach based on ARMv8.3-A pointer authentication (PA), that uses dynamically-generated canaries to mitigate these weaknesses, and show that it provides more fine-grained protection with minimal performance overhead.