
Control-Flow Integrity at RISC: Attacking RISC-V by Jump-Oriented Programming

11/26/2022
by Olivier Gilles, et al.

RISC-V is an open instruction set architecture recently developed for embedded real-time systems. To achieve lasting security on these systems and to design efficient countermeasures, a better understanding of their vulnerability to novel and potential future attacks is mandatory. This paper demonstrates that RISC-V is susceptible to Jump-Oriented Programming, a class of complex code-reuse attacks able to bypass existing protections. We provide a first analysis of the attack surface of RISC-V systems exploitable by such attacks, and show how the identified gadgets can be chained together in order to build a full-fledged attack. We use a conservative hypothesis on exploited registers and instruction patterns, in an approach we call reserved registers. This approach is implemented on a vulnerable RISC-V application and successfully applied to expose an AES256 secret.
