scispace - formally typeset
Search or ask a question
Author

Laurent Amato

Other affiliations: University of Grenoble
Bio: Laurent Amato is an academic researcher from Grenoble Institute of Technology. The author has contributed to research in topics: Return-oriented programming & OpenRISC. The author has an hindex of 2, co-authored 2 publications receiving 19 citations. Previous affiliations of Laurent Amato include University of Grenoble.

Papers
More filters
Journal ArticleDOI
TL;DR: A hardware-based countermeasure against return address corruption in the processor stack is proposed and validated on the OpenRISC core with a minimal hardware modification of the targeted core and an easy integration at the application level.
Abstract: With the emergence of Internet of Things, embedded devices are increasingly the target of software attacks. The aim of these attacks is to maliciously modify the behavior of the software being executed by the device. The work presented in this letter has been developed for the Cyber Security Awareness Week Embedded Security Challenge. This contest focuses on memory corruption issues, such as stack overflow vulnerabilities. These low level vulnerabilities are the result of code errors. Once exploited, they allow an attacker to write arbitrary data in memory without limitations. We detail in this letter a hardware-based countermeasure against return address corruption in the processor stack. First, several exploitation techniques targeting stack return addresses are discussed, whereas a lightweight hardware countermeasure is proposed and validated on the OpenRISC core. The countermeasure presented follows the shadow stack concept with a minimal hardware modification of the targeted core and an easy integration at the application level.

12 citations

Proceedings ArticleDOI
03 Jul 2017
TL;DR: Some vulnerabilities of commonly use processor which can be leveraged by hackers to attack a system are demonstrated and a hardware countermeasure is proposed and validated on OpenRISC against Return Oriented Programming attack.
Abstract: Software attacks are commonly performed against embedded systems in order to access private data or to run restricted services. In this work, we demonstrate some vulnerabilities of commonly use processor which can be leveraged by hackers to attack a system. The targeted devices are based on open processor architectures OpenRISC and RISC-V. Several software exploits are discussed and demonstrated while a hardware countermeasure is proposed and validated on OpenRISC against Return Oriented Programming attack.

9 citations


Cited by
More filters
Proceedings ArticleDOI
25 Mar 2019
TL;DR: In this paper, the authors propose FIXER, a hardware implemented security extension to RISC-V that provides a defense mechanism against buffer overflow and return-oriented programming (ROP) attacks.
Abstract: With the recent proliferation of Internet of Things (IoT) and embedded devices, there is a growing need to develop a security framework to protect such devices. RISC-V is a promising open source architecture that targets low-power embedded devices and SoCs. However, there is a dearth of practical and low-overhead security solutions in the RISC-V architecture. Programs compiled using RISC-V toolchains are still vulnerable to code injection and code reuse attacks such as buffer overflow and return-oriented programming (ROP). In this paper, we propose FIXER, a hardware implemented security extension to RISC-V that provides a defense mechanism against such attacks. FIXER enforces fine-grained control-flow integrity (CFI) of running programs on backward edges (returns) and forward edges (calls) without requiring any architectural modifications to the RISC-V processor core. We implement FIXER on RocketChip, a RISC-V SoC platform, by leveraging the integrated Rocket Custom Coprocessor (RoCC) to detect and prevent attacks. Compared to existing software based solutions, FIXER reduces energy overhead by 60% at minimal execution time (1.5%) and area (2.9%) overheads.

24 citations

Journal ArticleDOI
TL;DR: A physically unclonable function (PUF)-based randomized canary generation technique is employed that removes the need to store the sensitive canary words in memory or CPU registers, thereby being more secure, while incurring low overheads.
Abstract: RISC-V is a promising open-source architecture that targets low-power embedded devices and system-on-chips (SoCs). However, there is a dearth of practical and low-overhead security solutions in the RISC-V architecture. Programs compiled using RISC-V toolchains are still vulnerable to code injection and code reuse attacks, such as buffer overflow and return-oriented programming (ROP). In this article, we propose two hardware-implemented security extensions to RISC-V that provides a defense mechanism against such attacks. We first employ a physically unclonable function (PUF)-based randomized canary generation technique that removes the need to store the sensitive canary words in memory or CPU registers, thereby being more secure, while incurring low overheads. We implement the proposed Canary Engine in RISC-V RocketChip with rocket custom coprocessor (RoCC). The simulation results show 2.2% average execution overhead with a single buffer protection, while a $10\times $ increase in buffer count only increases the overhead by $1.5\times $ when protection is extended to all buffers. We further improve upon this with a dedicated security coprocessor flow integrity extensions for embedded RISC-V (FIXER), implemented on the RoCC. FIXER enforces fine-grained control-flow integrity (CFI) of running programs on backward edges (returns) and forward edges (calls) without requiring any architectural modifications to the processor core. Compared to software-based solutions, FIXER reduces energy overhead by 60% at minimal execution time (1.5%) and area (2.9%) overheads.

13 citations

Proceedings ArticleDOI
17 Jun 2019
TL;DR: Numerical assessments of the vulnerability of the devices which comprise The Internet of Things to a class of attacks based on triggering buffer overflows and the deficiencies of the prevention measures provided in FreeRTOS are shown.
Abstract: The vulnerability of electronic systems to attacks from hostile agents over the Internet is a matter of growing concern as the digital world becomes increasingly interconnected. Many countermeasures have been put in place to address these concerns, but the computational burden they impose may be excessive for low-power devices. In particular, the devices which comprise The Internet of Things are particularly vulnerable. This paper provides numerical assessments of their vulnerability to a class of attacks based on triggering buffer overflows. We focus on two such attacks, namely return-to-lib-c and code injection, for IoT devices using the FreeRTOS (V9.0.0) operating system. We show the deficiencies of the prevention measures provided in FreeRTOS to prevent these kinds of attacks, and compare them to the more robust mechanisms available in a mainstream OS (Ubuntu 16.04.1). The paper concludes with suggestions of how to mitigate these vulnerabilities in FreeRTOS - further investigation will be required to determine whether similar vulnerabilities exist in other IoT operating systems.

12 citations

Journal ArticleDOI
Xiang Wang1, Zongmin Zhao1, Dongdong Xu1, Zhun Zhang1, Qiang Hao1, Mengchen Liu1 
TL;DR: An architecture for the security monitoring and fault recovery is proposed for run-time program execution, which builds a Monitoring Cache (M-Cache) and then checks the integrity based on reference data and also takes the rollback operation after the unsuccessful of integrity check.
Abstract: Recently, extensive research attention has been drawn to the program executing security of embedded processor since increasing code tamper attacks, as well as transient faults severely affect the safety of embedded systems. The security monitoring and fault recovery technique is one of the effective methods to ensure the security and performance of embedded devices. In this article, an architecture for the security monitoring and fault recovery is proposed for run-time program execution, which builds a Monitoring Cache (M-Cache) and then checks the integrity based on reference data. Especially, the proposed architecture will build the checkpoint once the M-Cache is missed and also take the rollback operation after the unsuccessful of integrity check. In addition, three tampered positions (e.g., instruction register within the pipeline, instruction within the cache, and code within memory) have been elaborately focused on to guarantee the normal running of the embedded system. Eventually, by adopting the open RISC processor for algorithm implementation and verification, the proposal has been proven to be promising for the detection of a fault or tampered program, as well as the fast recovery of running environment and code.

9 citations

Proceedings ArticleDOI
01 Apr 2020
TL;DR: The paper presents a generic, portable, and lightweight CFI solution for bare-metal embedded systems, i.e., systems that execute firmware directly from their Flash memory, without any Operating System.
Abstract: Memory corruption vulnerabilities, mainly present in C and C++ applications, may enable attackers to maliciously take control over the program running on a target machine by forcing it to execute an unintended sequence of instructions present in memory. This is the principle of modern Code-Reuse Attacks (CRAs) and of famous attack paradigms as Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP). Control-Flow Integrity (CFI) is a promising approach to protect against such runtime attacks. Recently, many CFI-based solutions have been proposed, resorting to both hardware and software implementations. However, many of these solutions are hardly applicable to microcontroller systems, often very resource-limited. The paper presents a generic, portable, and lightweight CFI solution for bare-metal embedded systems, i.e., systems that execute firmware directly from their Flash memory, without any Operating System. The proposed defense mixes software and hardware instrumentation and is based on monitoring the Control-Flow Graph (CFG) with an FPGA connected to the CPU. The solution, applicable in principle to any architecture which disposes of an FPGA, forces all control-flow transfers to be compliant with the CFG, and preserves the execution context from possible corruption when entering unpredictable code such as Interrupt Services Routines (ISR).

9 citations