Bastag: Byte-level Access Control on Shared Memory using ARM Memory Tagging Extensionopen access
- Authors
- You, Junseung; Seo, Jiwon; Lee, Kyeongryong; Cho, Yeongpil; Paek, Yunheung
- Issue Date
- Nov-2025
- Publisher
- Association for Computing Machinery, Inc
- Keywords
- Memory Tagging Extension; shadow memory; software hardening
- Citation
- CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security, pp 1514 - 1528
- Pages
- 15
- Indexed
- SCOPUS
- Journal Title
- CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security
- Start Page
- 1514
- End Page
- 1528
- URI
- https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/209898
- DOI
- 10.1145/3719027.3744849
- Abstract
- As software grows in size and complexity, modular designs are increasingly adopted, leading to frequent interactions via shared memory between components. This design however increases the risk of vulnerabilities from uncontrolled memory access to shared memory. Enforcing byte-level access control can mitigate these risks by enabling byte-level permissions on complex shared objects and their sub-elements. However, existing approaches face performance limitations as they increase the granularity of control to byte level. In this paper, we present Bastag, a novel system that leverages ARM's Memory Tagging Extension (MTE) to tack this challenge. Although MTE enforces tag-matching between pointers and memory, its hardware-defined granularity is too coarse to support byte-level control on its own. To address the inherent limitations of applying MTE for nuanced access control, Bastag incorporates a technique known as shadow memory tagging that places separate, but associated MTE tags for the actual memory targets, allowing for more flexible and finer access control with efficiency. We implemented a Bastag prototype on AArch64 hardware with MTE support and evaluated it on three real-world use cases. Our results demonstrate that Bastag significantly outperforms existing byte-level access control mechanisms.
- Files in This Item
-
Go to Link
- Appears in
Collections - 서울 공과대학 > 서울 컴퓨터소프트웨어학부 > 1. Journal Articles

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.