In an effort to mitigate memory safety vulnerabilities in Android, Google and chipmaker ARM have released a new hardware feature called memory tagging extension (MTE).
The feature should allow for the detection of memory safety bugs with low overhead, Google says. Overall, it should help mitigate some of the largest security issues in Android, given that memory safety issues are common in C and C++.
Despite hardening efforts, Google explains, these type of bugs comprised over half of the high security vulnerabilities in Android 9. On top of that, they manifest as hard to diagnose reliability problems, such as crashes and data corruption.
MTE should make detection of memory safety bugs more resource efficient. It can either execute in a precise mode, to provide more detailed information about the memory violation, or in an imprecise mode, to lower CPU overhead and enable an always-on use.
MTE, Google says, provides a version of AddressSanitizer (ASan)/Hardware-assisted AddressSanitizer (HWASan) easier to use for testing and fuzzing in laboratory environments and is able to find more bugs in only a fraction of time, at lower costs, thus reducing the complexity of the development process.
“In many cases, MTE will allow testing memory safety using the same binary as shipped to production. The bug reports produced by MTE will be as detailed and actionable as those from ASAN and HWASAN,” Google explains.
MTE could be used as a mechanism for testing complex software scenarios in production. App developers and ORMs will be able to selectively turn on MTE for parts of the software stack, and bug reports will be available via mechanisms like Google Play Console when users give their consent.
According to Google, MTE can be used as a strong security mitigation for many classes of memory safety bugs in the Android platform and in applications. For most instances, MTE should have a 90% or higher chance to detect invalid memory access and prevent exploitation.
“By implementing these protections and ensuring that attackers can’t make repeated attempts to exploit security-critical components, we can significantly reduce the risk to users posed by memory safety issues,” Google says.
Memory tagging is expected to detect the most common classes of memory safety bugs in the wild, helping with patching efforts and discourage exploitation, the Internet search giant says.
To get Android ready for MTE, Google included support for MTE in the LLVM compiler toolchain and in the Linux kernel and also deployed HWASAN, which has uncovered close to 100 memory safety bugs. MTE is expected to greatly improve upon this in terms of overhead, ease of deployment, and scale, the company says.
Committed to supporting MTE throughout the Android software stack, Google is working with ARM System On Chip (SoC) partners to test MTE support. The search company aims at a broader deployment of MTE in the Android software and hardware ecosystem and even considers the feature as a possible foundational requirement for certain tiers of Android devices.