DeepAI AI Chat
Log In Sign Up

Control-Flow Integrity at RISC: Attacking RISC-V by Jump-Oriented Programming

by   Olivier Gilles, et al.

RISC-V is an open instruction set architecture recently developed for embedded real-time systems. To achieve a lasting security on these systems and design efficient countermeasures, a better understanding of vulnerabilities to novel and potential future attacks is mandatory. This paper demonstrates that RISC-V is sensible to Jump-Oriented Programming, a class of complex code-reuse attacks, able to bypass existing protections. We provide a first analysis of RISC-V systems' attack surface exploitable by such attacks, and show how they can be chained together in order to build a full-fledged attack. We use a conservative hypothesis on exploited registers and instruction patterns, in an approach we called reserved registers. This approach is implemented on a vulnerable RISC-V application, and successfully applied to expose an AES256 secret.


page 1

page 2

page 3

page 4


LoadLord: Loading on the Fly to Defend Against Code-Reuse Attacks

Code-reuse attacks have become a kind of common attack method, in which ...

Return-Oriented Programming on RISC-V

This paper provides the first analysis on the feasibility of Return-Orie...

Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend

We introduce a new timing side-channel attack on Intel CPU processors. O...

On the Effectiveness of Type-based Control Flow Integrity

Control flow integrity (CFI) has received significant attention in the c...

Defending Against DDoS Attacks in Bloom Filter based Multicasting

This paper analyze security issues of Bloom filter based multicast forwa...

Challenges of Return-Oriented-Programming on the Xtensa Hardware Architecture

This paper shows how the Xtensa architecture can be attacked with Return...