Control-Flow Integrity at RISC: Attacking RISC-V by Jump-Oriented Programming

Control-Flow Integrity at RISC: Attacking RISC-V by Jump-Oriented Programming

RISC-V is an open instruction set architecture recently developed for embedded real-time systems. To achieve a lasting security on these systems and design efficient countermeasures, a better understanding of vulnerabilities to novel and potential future attacks is mandatory. This paper demonstrates...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:arXiv.org 2022-11
Hauptverfasser: Olivier, Gilles, Viguier, Franck, Kosmatov, Nikolai, Daniel Gracia Pérez
Format: Artikel
Sprache:eng
Schlagworte:
Instruction sets (computers)
RISC
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title arXiv.org
container_volume
creator Olivier, Gilles
Viguier, Franck
Kosmatov, Nikolai
Daniel Gracia Pérez
description RISC-V is an open instruction set architecture recently developed for embedded real-time systems. To achieve a lasting security on these systems and design efficient countermeasures, a better understanding of vulnerabilities to novel and potential future attacks is mandatory. This paper demonstrates that RISC-V is sensible to Jump-Oriented Programming, a class of complex code-reuse attacks, able to bypass existing protections. We provide a first analysis of RISC-V systems' attack surface exploitable by such attacks, and show how they can be chained together in order to build a full-fledged attack. We use a conservative hypothesis on exploited registers and instruction patterns, in an approach we called reserved registers. This approach is implemented on a vulnerable RISC-V application, and successfully applied to expose an AES256 secret.
format Article
fullrecord <record><control><sourceid>proquest</sourceid><recordid>TN_cdi_proquest_journals_2742869770</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2742869770</sourcerecordid><originalsourceid>FETCH-proquest_journals_27428697703</originalsourceid><addsrcrecordid>eNpjYuA0MjY21LUwMTLiYOAtLs4yMDAwMjM3MjU15mTwdc7PKynKz9F1y8kvV_DMK0lNL8osqVRILFEI8gx2tlJwLClJTM7OzEsH83XDFJIqFbxKcwt0_YsyU4HKUxQCivLTixJzc4FqeBhY0xJzilN5oTQ3g7Kba4izh25BUX5haWpxSXxWfmlRHlAq3sjcxMjCzNLc3MCYOFUA1948ig</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2742869770</pqid></control><display><type>article</type><title>Control-Flow Integrity at RISC: Attacking RISC-V by Jump-Oriented Programming</title><source>Free E- Journals</source><creator>Olivier, Gilles ; Viguier, Franck ; Kosmatov, Nikolai ; Daniel Gracia Pérez</creator><creatorcontrib>Olivier, Gilles ; Viguier, Franck ; Kosmatov, Nikolai ; Daniel Gracia Pérez</creatorcontrib><description>RISC-V is an open instruction set architecture recently developed for embedded real-time systems. To achieve a lasting security on these systems and design efficient countermeasures, a better understanding of vulnerabilities to novel and potential future attacks is mandatory. This paper demonstrates that RISC-V is sensible to Jump-Oriented Programming, a class of complex code-reuse attacks, able to bypass existing protections. We provide a first analysis of RISC-V systems' attack surface exploitable by such attacks, and show how they can be chained together in order to build a full-fledged attack. We use a conservative hypothesis on exploited registers and instruction patterns, in an approach we called reserved registers. This approach is implemented on a vulnerable RISC-V application, and successfully applied to expose an AES256 secret.</description><identifier>EISSN: 2331-8422</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Instruction sets (computers) ; RISC</subject><ispartof>arXiv.org, 2022-11</ispartof><rights>2022. This work is published under http://creativecommons.org/licenses/by-nc-nd/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>780,784</link.rule.ids></links><search><creatorcontrib>Olivier, Gilles</creatorcontrib><creatorcontrib>Viguier, Franck</creatorcontrib><creatorcontrib>Kosmatov, Nikolai</creatorcontrib><creatorcontrib>Daniel Gracia Pérez</creatorcontrib><title>Control-Flow Integrity at RISC: Attacking RISC-V by Jump-Oriented Programming</title><title>arXiv.org</title><description>RISC-V is an open instruction set architecture recently developed for embedded real-time systems. To achieve a lasting security on these systems and design efficient countermeasures, a better understanding of vulnerabilities to novel and potential future attacks is mandatory. This paper demonstrates that RISC-V is sensible to Jump-Oriented Programming, a class of complex code-reuse attacks, able to bypass existing protections. We provide a first analysis of RISC-V systems' attack surface exploitable by such attacks, and show how they can be chained together in order to build a full-fledged attack. We use a conservative hypothesis on exploited registers and instruction patterns, in an approach we called reserved registers. This approach is implemented on a vulnerable RISC-V application, and successfully applied to expose an AES256 secret.</description><subject>Instruction sets (computers)</subject><subject>RISC</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2022</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><recordid>eNpjYuA0MjY21LUwMTLiYOAtLs4yMDAwMjM3MjU15mTwdc7PKynKz9F1y8kvV_DMK0lNL8osqVRILFEI8gx2tlJwLClJTM7OzEsH83XDFJIqFbxKcwt0_YsyU4HKUxQCivLTixJzc4FqeBhY0xJzilN5oTQ3g7Kba4izh25BUX5haWpxSXxWfmlRHlAq3sjcxMjCzNLc3MCYOFUA1948ig</recordid><startdate>20221126</startdate><enddate>20221126</enddate><creator>Olivier, Gilles</creator><creator>Viguier, Franck</creator><creator>Kosmatov, Nikolai</creator><creator>Daniel Gracia Pérez</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope></search><sort><creationdate>20221126</creationdate><title>Control-Flow Integrity at RISC: Attacking RISC-V by Jump-Oriented Programming</title><author>Olivier, Gilles ; Viguier, Franck ; Kosmatov, Nikolai ; Daniel Gracia Pérez</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-proquest_journals_27428697703</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2022</creationdate><topic>Instruction sets (computers)</topic><topic>RISC</topic><toplevel>online_resources</toplevel><creatorcontrib>Olivier, Gilles</creatorcontrib><creatorcontrib>Viguier, Franck</creatorcontrib><creatorcontrib>Kosmatov, Nikolai</creatorcontrib><creatorcontrib>Daniel Gracia Pérez</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science &amp; Engineering Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering Collection</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Olivier, Gilles</au><au>Viguier, Franck</au><au>Kosmatov, Nikolai</au><au>Daniel Gracia Pérez</au><format>book</format><genre>document</genre><ristype>GEN</ristype><atitle>Control-Flow Integrity at RISC: Attacking RISC-V by Jump-Oriented Programming</atitle><jtitle>arXiv.org</jtitle><date>2022-11-26</date><risdate>2022</risdate><eissn>2331-8422</eissn><abstract>RISC-V is an open instruction set architecture recently developed for embedded real-time systems. To achieve a lasting security on these systems and design efficient countermeasures, a better understanding of vulnerabilities to novel and potential future attacks is mandatory. This paper demonstrates that RISC-V is sensible to Jump-Oriented Programming, a class of complex code-reuse attacks, able to bypass existing protections. We provide a first analysis of RISC-V systems' attack surface exploitable by such attacks, and show how they can be chained together in order to build a full-fledged attack. We use a conservative hypothesis on exploited registers and instruction patterns, in an approach we called reserved registers. This approach is implemented on a vulnerable RISC-V application, and successfully applied to expose an AES256 secret.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier EISSN: 2331-8422
ispartof arXiv.org, 2022-11
issn 2331-8422
language eng
recordid cdi_proquest_journals_2742869770
source Free E- Journals
subjects Instruction sets (computers)
RISC
title Control-Flow Integrity at RISC: Attacking RISC-V by Jump-Oriented Programming
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-26T19%3A27%3A33IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=document&rft.atitle=Control-Flow%20Integrity%20at%20RISC:%20Attacking%20RISC-V%20by%20Jump-Oriented%20Programming&rft.jtitle=arXiv.org&rft.au=Olivier,%20Gilles&rft.date=2022-11-26&rft.eissn=2331-8422&rft_id=info:doi/&rft_dat=%3Cproquest%3E2742869770%3C/proquest%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2742869770&rft_id=info:pmid/&rfr_iscdi=true