
Amazing, Android now has a shadow call stack using a dedicated register just like we suggested in our recent #Oakland19 "SoK Shining Light on Shadow Stacks" nebelwelt.net/publications/f (the Google work was independent of ours)
Quote Tweet
Google Online Security Blog: Protecting against code reuse in the Linux kernel with Shadow Call Stack security.googleblog.com/2019/10/protec via @google
Normally, it is not directly protected against arbitrary writes. The "protection" against it usually stems from information hiding due to randomization. However, it is still vulnerable to probing, which is more difficult than a normal information leak.
ARMv8.5 memory tagging will be able to prevent access to data like this via pointers not directly created by the attacker. Memory tagging is primarily meant to directly detect memory corruption by approximating stronger memory safety but in doing so it can help other mitigations.