Control-Flow Integrity at RISC: Attacking RISC-V by Jump-Oriented Programming

Control-Flow Integrity at RISC: Attacking RISC-V by Jump-Oriented Programming

RISC-V is an open instruction set architecture recently developed for embedded real-time systems. To achieve a lasting security on these systems and design efficient countermeasures, a better understanding of vulnerabilities to novel and potential future attacks is mandatory. This paper demonstrates...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:arXiv.org 2022-11
Hauptverfasser: Olivier, Gilles, Viguier, Franck, Kosmatov, Nikolai, Daniel Gracia Pérez
Format: Artikel
Sprache:eng
Schlagworte:
Instruction sets (computers)
RISC
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:RISC-V is an open instruction set architecture recently developed for embedded real-time systems. To achieve a lasting security on these systems and design efficient countermeasures, a better understanding of vulnerabilities to novel and potential future attacks is mandatory. This paper demonstrates that RISC-V is sensible to Jump-Oriented Programming, a class of complex code-reuse attacks, able to bypass existing protections. We provide a first analysis of RISC-V systems' attack surface exploitable by such attacks, and show how they can be chained together in order to build a full-fledged attack. We use a conservative hypothesis on exploited registers and instruction patterns, in an approach we called reserved registers. This approach is implemented on a vulnerable RISC-V application, and successfully applied to expose an AES256 secret.
ISSN:2331-8422