Arm details future IoT security boosts
- November 5, 2025
- William Payne

In a keynote presentation at last week’s IoT Security Forum (IoTSF) in London, Arm Chief Architect Richard Grisenthwaite presented new details of how Armv9 will improve performance and security for IoT devices.
Grisenthwaite particularly focused on two “Future Architecture Technologies”: the Permission Overlay Extension version 2 (POE2) and the Virtual Tagging Extension (vMTE), which will improve application isolation and scalable memory-safety detection in future versions of the Arm architecture.
POE2 is designed to primarily address performance overheads and memory costs associated with application isolation, while simultaneously improving security through enhanced sandboxing.
vMTE is aimed at addressing the scalability problems of deployment cost, thereby extending memory-safety protection to a wider range of platforms.
By providing sandboxing within a single process, POE2 reduces the need for additional memory. This allows embedded and IoT devices to sandbox efficiently and safely even with limited RAM. It also ensures that embedded devices have improved performance, as it removes the need for inter-process calls (IPCs).
The extension builds upon the existing Arm permission model by incorporating additional spatial and temporal controls. It assigns a “permissions index” to each virtual memory page. Permissions are then applied through two-dimensional overlays stored in an instruction table (IRT) and a data table (DPOT). These overlays allow the effective permission to vary depending on the code index accessing the data (spatial control) or the context that is running (temporal control).
vMTE is a virtualised version of the physical Memory Tagging Extension (MTE). Physical MTE was introduced in August 2019 as part of Armv8.5 and helps developers efficiently detect memory-safety violations such as use-after-free and buffer overruns. It works by comparing the tag associated with a memory location against the tag carried by the pointer at the time of access.
The key difference between physical MTE and vMTE lies in tag storage management. Original MTE associates tags with the physical location, typically requiring tag storage to be allocated upfront, often through a memory carve-out. This upfront cost can be too expensive or difficult to manage in certain environments.
vMTE changes the model so that the tag is associated with the virtual address instead. This means tag storage is also virtually allocated, and storage is only needed for those pages which are actively tagged, resulting in a more scalable deployment. While the programmer’s model remains consistent for applications, allowing them to be agnostic to the type of MTE used, software involved in memory allocation and management must be aware of whether physical or virtual tagging is implemented.
The shift to virtual MTE in effect brings memory tagging to embedded and IoT devices, as it allows MTE to be used on devices with much smaller RAM footprints. As a result, vMTE brings the security benefits of MTE to systems where managing a fixed memory carve-out is impractical or too costly.
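To make the tag-check and tag-storage ideas above concrete, here is a small software model of MTE-style checking, added as an illustration and not code from Arm or the talk. It assumes 16-byte granules, 4-bit tags carried in pointer bits 59:56, and a per-page tag store that is materialised lazily (the vMTE point that storage is only needed for pages that are actually tagged); the page size, address range and allocator are simplifications.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Toy MTE model (added example, not Arm's implementation).
 * Assumed: 16-byte granules, 4-bit tags, pointer tag in bits 59:56,
 * 4 KiB pages, a tiny 32 KiB address space. Tag 0 means "untagged". */
#define GRANULE       16
#define PAGE_GRANULES 256
#define NPAGES        8
#define ADDR_MASK     ((1ULL << 48) - 1)

/* vMTE-style store: one tag array per page, created only when a page is tagged. */
static uint8_t *page_tags[NPAGES];
static uint8_t next_tag = 1;

/* Locate the tag slot for an address; only allocate page storage when asked to. */
static uint8_t *tag_slot(uint64_t addr, bool allocate) {
    uint64_t g = (addr & ADDR_MASK) / GRANULE;
    size_t page = (size_t)(g / PAGE_GRANULES);
    if (page >= NPAGES) return NULL;
    if (!page_tags[page] && allocate) page_tags[page] = calloc(PAGE_GRANULES, 1);
    return page_tags[page] ? &page_tags[page][g % PAGE_GRANULES] : NULL;
}

/* Colour the granules covering [addr, addr+len) with a fresh tag; return the tagged pointer. */
uint64_t mte_tag_region(uint64_t addr, size_t len) {
    uint8_t tag = next_tag;
    next_tag = (uint8_t)(next_tag % 15) + 1;          /* cycle through 1..15 */
    for (uint64_t a = addr; a < addr + len; a += GRANULE) {
        uint8_t *t = tag_slot(a, true);
        if (t) *t = tag;
    }
    return (addr & ADDR_MASK) | ((uint64_t)tag << 56);
}

/* On free, retag the granules so any stale pointer stops matching (use-after-free detection). */
void mte_release_region(uint64_t tagged_ptr, size_t len) {
    (void)mte_tag_region(tagged_ptr & ADDR_MASK, len);
}

/* The check a load/store would perform: pointer tag must equal the granule tag. */
bool mte_check(uint64_t tagged_ptr, size_t offset) {
    uint8_t *t = tag_slot((tagged_ptr & ADDR_MASK) + offset, false);
    return t && *t == (uint8_t)((tagged_ptr >> 56) & 0xF);
}

/* How many pages have had tag storage materialised (the vMTE scalability point). */
size_t mte_pages_with_tag_storage(void) {
    size_t n = 0;
    for (size_t i = 0; i < NPAGES; i++) n += page_tags[i] != NULL;
    return n;
}
```

Tagging two adjacent 32-byte regions and probing one byte past the first shows an overrun landing on a differently tagged granule, and re-checking a released region shows the stale pointer failing; only the single page touched ever receives tag storage.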