JOUNES // REPORTS
Home  ·  Projects  ·  Essays  ·  GitHub  ·  LinkedIn  ·  Email
// // RESEARCH REPORT

hardware-Backed Resource-Access Isolation using ARM MTE and PAC

·10 citations

Overview

In-process compartmentalization can be achieved through hardware-enforced memory domains using ARM MTE (Memory Tagging Extension) and PAC (Pointer Authentication) [C002]. By assigning unique hardware tags to memory objects, the substrate binds unauthenticated requests to isolated resource domains [C000]. This approach targets the root cause of the bug rather than attempting to mitigate the late-stage effects of an exploit [C001]. This strategy mitigates path traversal and remote out-of-Memory (OOM) attacks by ensuring that any pointer attempting to access a resource outside its assigned hardware-tagged domain triggers an immediate fault [C000, C008].

This transition to hardware-backed isolation is critical because software-only memory safety is computationally prohibitive for high-performance environments. The viability of this substrate for cloud deployments is enabled by the ampereone processor (2024), which supports MTE with single-digit performance impact and zero memory capacity overhead for tag storage [C007].

However, the implementation must account for the trade-off between probabilistic and deterministic safety: MTE provides a low-friction path to safety but introduces new side-channels, such as "tiktag" gadgets that can leak MTE tags through speculative execution [C006]. To counter this, the substrate relies on formal ISA semantics—developed via tools like Sail—to provide a rigorous, executable model of processor behavior, ensuring that security primitives remain invariant across architectural states [C004].

Landscape

Current industry efforts to eliminate memory corruption divide into probabilistic tagging and deterministic capability-based architectures. Probabilistic schemes, such as ARM MTE and SPARC ADI, assign meta-information tags to memory objects to detect spatial and temporal violations [C000, C008]. Conversely, CHERI implements a hybrid capability-system that extends the RISC ISA and compiler to provide fine-grained hardware-enforced memory protection, offering superior scalability compared to traditional Memory-Management Unit (MMU) designs [C009].

Deployment is shifting toward datacenter-scale hardware and sandboxed runtimes. The AmpereOne processor is the first datacenter-class CPU to implement ARM MTE, providing synchronous tag-checking with low performance overhead [C007]. For WebAssembly (Wasm), which utilizes a flat memory model, hardware acceleration via MTE significantly reduces the overhead associated with software-only tagging [C005]. The Cage toolchain further optimizes this by combining MTE for spatial/temporal safety with ARM Pointer Authentication (PAC) to prevent the reuse of leaked pointers across Wasm instances [C003].

The efficacy of these hardware primitives is challenged by speculative execution and implementation gaps. The "tiktag" attack demonstrates that speculative execution can leak ARM MTE tags from arbitrary memory addresses, allowing attackers to bypass probabilistic defenses [C006]. To mitigate these architectural inconsistencies, researchers use Sail to create rigorous, executable ISA semantic models for ARMv8-A and CHERI-MIPS, providing a formal foundation for verifying that security primitives remain invariant across different processor states [C004].

Key Findings

Research indicates that the transition from software-defined memory safety to hardware-accelerated substrates is driven by a prohibitive "performance tax" on flat memory models. In WebAssembly (Wasm) environments, software-only memory tagging incurs runtime overheads between 48.91% (Wasm64) and 72.38% (Wasm32) [C005]. Implementing ARM MTE reduces these overheads to 5.71% for Wasm64 and 18.05% for Wasm32 [C005]. The Cage toolchain further optimizes this by combining MTE for spatial/temporal safety with Pointer Authentication (PAC) to prevent the reuse of leaked pointers, reducing overall runtime overhead to <5.8% [C003].

The evidence reveals a fundamental tension between probabilistic detection and deterministic prevention.

Approach Safety Guarantee Deployment Friction Performance Impact Primary Failure Mode
MTE Probabilistic [C000] Low (ISA Extension) Low (<10% on ampereone) [C007] Tag collisions; Speculative leaks [C006]
CHERI Deterministic [C009] High (System-wide rebuild) Variable (hardware-dependent) Implementation complexity [C009]
Software Tagging Variable [C005] Medium (compiler-based) High (Up to 72% overhead) [C005] Extreme runtime latency [C005]

A critical discovery is that hardware tags can be transformed from defensive barriers into "speculative oracles." The TikTag attack demonstrates that speculative execution can leak MTE tags from arbitrary memory addresses with a success rate exceeding 95% in under four seconds [C006]. This allows attackers to bypass probabilistic defenses in the Linux kernel and Google Chrome by forging pointers that match the leaked tags [C006].

Regarding structural isolation, research shows that MTE and PAC can be retrofitted to implement capability-based in-process access control [C002]. To ensure these primitives remain invariant across architectural states, the use of executable ISA models like Sail is necessary to provide the formal semantics required for reasoning about security, though these models cannot eliminate RTL-level implementation bugs [C004].

Finally, temporal safety (Use-After-Free) remains the primary operational bottleneck [C008]. While MTE provides a production-viable probabilistic solution for temporal bugs [C007], deterministic alternatives often introduce "stop-the-world" pauses that are incompatible with real-time system requirements [C008].

Tensions and Tradeoffs

Practitioners implementing memory-safe substrates face a primary tension between probabilistic detection and deterministic prevention. ARM MTE offers a low-friction deployment path by assigning meta-information to memory objects [C000], but its small tag sizes introduce a collision probability that limits absolute protection guarantees [C000]. In contrast, CHERI eliminates entire vulnerability classes via a hybrid capability-system architecture but requires a prohibitive system-wide rebuild of the ISA, compiler, and operating system [C009].

A second tradeoff exists between software-defined safety and hardware acceleration. For the flat memory model of WebAssembly, pure software tagging implementations induce significant runtime overheads [C005]. Shifting these checks to ARM MTE-supported CPUs reduces the time overhead substantially [C005]. Furthermore, combining MTE with PAC (Pointer Authentication) can maintain low runtime overhead while providing both spatial and temporal safety for heap and stack allocations [C003].

However, hardware tags introduce a new speculative execution surface. The TikTag research demonstrates that speculative gadgets can leak MTE tags from arbitrary memory addresses [C006]. This transforms the hardware defense into a speculative "oracle," allowing attackers to bypass probabilistic protections in the Linux kernel and Google Chrome [C006].

Finally, there is a structural dependency between spatial and temporal safety. Many state-of-the-art mitigations for temporal corruption (e.g., Use-After-Free) require spatial safety to protect their own in-memory metadata [C008]. Without this external protection, temporal defenses remain vulnerable to evasion, yet adding the necessary spatial safety often increases the overall runtime overhead [C008].

Opportunities

Development Targets

To implement an MTE-backed isolation substrate, the following components require engineering:

Open Research Questions

Architecture Trade-offs for Resource-Access Isolation

Approach Safety Guarantee Deployment Cost Primary Failure Mode
MTE-Slicing Probabilistic [C000] Low (Incremental) [C007] Speculative tag leaks [C006]
CHERI Deterministic [C009] High (System Rebuild) [C009] Prohibitive ISA migration
Software-Sanding Deterministic Very High [C005] Computational exhaustion

References

Provenance: Published 2026-05-13 · 10 inline citations · 10 references
// GENERATED FROM A LIVE OBSIDIAN VAULT · CLOUDFLARE PAGES · DRAFTED WITH AGENTS
← back to Reports