Memory safety bugs remain in the top ranks of security vulnerabilities, even after decades of research on their detection and prevention. Various mitigations have been proposed for C/C++, ranging from language dialects to instrumentation. Among these, compiler-based instrumentation is particularly promising, since it requires no manual code modifications and can achieve precise memory safety. Unfortunately, existing compiler-based solutions compromise in several areas, including performance, usability, and the memory safety guarantees they provide. New developments in hardware can help improve the performance and security of compiler-based memory safety. ARM Pointer Authentication, added in the ARMv8.3 architecture, is intended to enable hardware-assisted Control Flow Integrity (CFI). But since its operations are generic, it also enables other, more comprehensive hardware-supported runtime integrity approaches. We therefore propose CryptSan, a memory safety approach based on ARM Pointer Authentication. CryptSan uses pointer signatures to retrofit memory safety to C/C++ programs, protecting heap, stack, and globals against temporal and spatial vulnerabilities. We present a full LLVM-based prototype implementation, running on an M1 MacBook Pro, i.e., on actual ARMv8.3 hardware. Our prototype evaluation shows that the system outperforms similar approaches under real-world conditions. This, together with its interoperability with uninstrumented libraries and cryptographic protection against attacks on metadata, makes CryptSan a viable solution for retrofitting memory safety to C/C++ programs.
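As an added illustrative model (not CryptSan's implementation or the paper's code), the following C sketch shows how a keyed signature placed in a pointer's unused upper bits and checked against per-object metadata before each access can flag both spatial and temporal violations. The 16-bit tag function, the 16-byte granule shadow map and the bump allocator are assumptions of this model; the tag stands in for the PAC that ARMv8.3 hardware would compute.

```c
#include <stdint.h>
#include <stddef.h>
/* Illustrative software model (added here, not CryptSan's actual design): a 16-bit keyed tag in
 * the pointer's upper bits binds it to the ID of the object it was derived from, and a shadow
 * map records which object currently owns each 16-byte granule of the modelled heap. */
enum { HEAP_SIZE = 256, GRANULE = 16, TAG_SHIFT = 48 };
typedef uint64_t sptr;                      /* bits 0..47 = heap offset, bits 48..63 = tag */
#define OFFSET(p) ((p) & ((1ULL << TAG_SHIFT) - 1))

static uint16_t shadow_id[HEAP_SIZE / GRANULE];  /* owning object ID per granule; 0 = unallocated */
static uint16_t next_id = 1;
static size_t bump = GRANULE;                    /* bump allocator, no reuse; granule 0 stays unmapped */
static const uint64_t KEY = 0x9E3779B97F4A7C15ULL; /* constructed stand-in for the hardware-held PAC key */

/* Keyed 16-bit permutation of the object ID: a toy stand-in for the PAC the hardware would compute.
 * Every step is bijective on 16 bits, so distinct IDs always get distinct tags in this model. */
static uint16_t tag16(uint16_t id) {
    uint16_t x = (uint16_t)(id * 0x9E37u) ^ (uint16_t)(KEY >> 48);   /* odd multiplier, then key */
    x = (uint16_t)((x << 7) | (x >> 9)) ^ (uint16_t)KEY;             /* rotate, mix in more key */
    return (uint16_t)(x * 0x5BD1u);
}

/* Allocate n bytes (granule-rounded), record the owning ID, return a signed pointer (0 = failure). */
sptr model_malloc(size_t n) {
    size_t size = (n + GRANULE - 1) / GRANULE * GRANULE;
    if (size == 0 || bump + size > HEAP_SIZE) return 0;
    uint16_t id = next_id++;
    for (size_t g = bump / GRANULE; g < (bump + size) / GRANULE; g++) shadow_id[g] = id;
    sptr p = (sptr)bump | ((sptr)tag16(id) << TAG_SHIFT);
    bump += size;
    return p;
}

/* Authenticate before a load or store: the granule's current owner must reproduce the pointer's tag.
 * An out-of-bounds address hits a granule with another ID (spatial); a freed granule has ID 0 (temporal). */
int model_check(sptr p) {
    uint64_t off = OFFSET(p);
    if (off >= HEAP_SIZE) return 0;
    uint16_t id = shadow_id[off / GRANULE];
    return id != 0 && (uint16_t)(p >> TAG_SHIFT) == tag16(id);
}

/* Free: authenticate, then retire the object's ID on every granule it owned so stale copies fail. */
void model_free(sptr p) {
    if (!model_check(p)) return;
    size_t g = OFFSET(p) / GRANULE;
    uint16_t id = shadow_id[g];
    while (g > 0 && shadow_id[g - 1] == id) g--;                       /* walk back to the object base */
    for (; g < HEAP_SIZE / GRANULE && shadow_id[g] == id; g++) shadow_id[g] = 0;
}
```

Because the tag depends on a key the program never reads, a corrupted or forged pointer fails the check even if an attacker knows the layout of the shadow map.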