FIXER: Flow Integrity Extensions for Embedded RISC-V

With the recent proliferation of Internet of Things (IoT) and embedded devices, there is a growing need for a security framework that protects such devices. RISC-V is a promising open-source instruction set architecture that targets low-power embedded devices and SoCs. However, practical, low-overhead security solutions for RISC-V are scarce. Programs compiled with RISC-V toolchains remain vulnerable to memory-corruption attacks such as buffer overflows, whether exploited for code injection or for code reuse such as return-oriented programming (ROP). In this paper, we propose FIXER, a hardware-implemented security extension to RISC-V that defends against such attacks. FIXER enforces fine-grained control-flow integrity (CFI) on both the backward edges (returns) and the forward edges (calls) of running programs, without requiring any architectural modification to the RISC-V processor core. We implement FIXER on RocketChip, a RISC-V SoC platform, using the integrated Rocket Custom Coprocessor (RoCC) interface to detect and prevent attacks. Compared to existing software-based solutions, FIXER reduces energy overhead by 60% while incurring minimal execution-time (1.5%) and area (2.9%) overheads.
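The two checks the abstract describes, a shadow stack for backward edges and a call-target policy for forward edges, are shown below as a small software model. This is an added example written for this page; it is not FIXER's RoCC implementation, and the monitor structure, the whitelist-of-(call site, target) policy format, the capacities and every address used in the scenario are assumptions made here for illustration.

```c
/* Added example: software model of backward-edge (shadow stack) and
 * forward-edge (call-target policy) CFI checks. Not FIXER's hardware;
 * the data layout, API and addresses below are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SHADOW_DEPTH 64   /* assumed capacity of the shadow stack model */
#define MAX_EDGES    16   /* assumed capacity of the forward-edge policy table */

/* One permitted forward edge: the call instruction at `site` may reach `target`. */
typedef struct {
    uint64_t site;
    uint64_t target;
} call_edge_t;

typedef struct {
    uint64_t    shadow[SHADOW_DEPTH]; /* return addresses saved at each allowed call */
    size_t      depth;                /* live entries in shadow[] */
    call_edge_t edges[MAX_EDGES];     /* forward-edge whitelist (assumed policy format) */
    size_t      n_edges;
    unsigned    violations;           /* rejected control transfers so far */
} cfi_monitor_t;

void cfi_init(cfi_monitor_t *m)
{
    m->depth = 0;
    m->n_edges = 0;
    m->violations = 0;
}

/* Register a permitted (call site, target) pair; false if the table is full. */
bool cfi_allow_edge(cfi_monitor_t *m, uint64_t site, uint64_t target)
{
    if (m->n_edges == MAX_EDGES)
        return false;
    m->edges[m->n_edges].site = site;
    m->edges[m->n_edges].target = target;
    m->n_edges++;
    return true;
}

/* Forward-edge check: the call at `site` may only reach a whitelisted target.
 * On success the return address `ret` is pushed on the shadow stack so the
 * matching return can be validated later. A full shadow stack is reported as
 * a violation rather than silently dropping an entry. */
bool cfi_on_call(cfi_monitor_t *m, uint64_t site, uint64_t target, uint64_t ret)
{
    bool allowed = false;
    for (size_t i = 0; i < m->n_edges; i++) {
        if (m->edges[i].site == site && m->edges[i].target == target) {
            allowed = true;
            break;
        }
    }
    if (!allowed || m->depth == SHADOW_DEPTH) {
        m->violations++;
        return false;
    }
    m->shadow[m->depth++] = ret;
    return true;
}

/* Backward-edge check: the return address the program is about to use must
 * equal the copy saved at the corresponding call. A stack slot overwritten by
 * a buffer overflow (the first step of a ROP chain) shows up as a mismatch;
 * a return with no matching call shows up as an underflow. */
bool cfi_on_return(cfi_monitor_t *m, uint64_t ret)
{
    if (m->depth == 0) {
        m->violations++;
        return false;
    }
    uint64_t expected = m->shadow[--m->depth];
    if (expected != ret) {
        m->violations++;
        return false;
    }
    return true;
}

/* Constructed scenario (not from the paper): a benign call/return, then a
 * return whose stack slot was overwritten with a gadget address, then an
 * indirect call to a target outside the policy. Returns the violation count. */
unsigned cfi_demo(void)
{
    cfi_monitor_t m;
    cfi_init(&m);

    /* Assumed addresses: caller at 0x1000 calls 0x2000 and returns to 0x1004. */
    cfi_allow_edge(&m, 0x1000, 0x2000);

    cfi_on_call(&m, 0x1000, 0x2000, 0x1004);
    cfi_on_return(&m, 0x1004);               /* benign: matches the shadow copy */

    cfi_on_call(&m, 0x1000, 0x2000, 0x1004);
    cfi_on_return(&m, 0x4242);               /* attacker overwrote the return slot */

    cfi_on_call(&m, 0x1000, 0x3000, 0x1004); /* call target not in the policy table */

    return m.violations;
}

int main(void)
{
    printf("violations detected: %u\n", cfi_demo());
    return 0;
}
```

In hardware the same two checks run beside the core on every call and return, with the shadow stack and policy table held in memory the main core cannot write, which is what removes the energy and instrumentation cost of a software shadow stack; the model above only captures the decision logic, not that isolation.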
