Design and Implementation of a Dynamic Information Flow Tracking Architecture to Secure a RISC-V Core for IoT Applications

Security for Internet-of-Things devices is an increasingly critical aspect of computer architecture, with implications that spread across a wide range of domains. We present the design and implementation of a hardware dynamic information flow tracking (DIFT) architecture for RISC-V processor cores. Our approach exhibits the following features at the architecture level. First, it supports a robust and software-programmable policy that protects bare-metal applications against memory corruption attacks such as buffer overflows and format string attacks, without causing false alarms when running real-world benchmarks. Second, it is fast and transparent, with a small impact on application performance and fine-grained management of security tags. Third, it has a flexible design that can be easily extended to target new sets of attacks. We implemented our architecture on PULPino, an open-source platform that supports the design of different RISC-V cores targeting IoT applications. FPGA-based experimental results show that the overall overhead is low, with no impact on processor performance and a negligible storage increase.
