Author

Sourav Das

Bio: Sourav Das is an academic researcher from Indian Institute of Technology Madras. The author has contributed to research in topics: Shadow memory & Pointer (computer programming). The author has an h-index of 1, co-authored 1 publication receiving 8 citations.

Papers
Proceedings Article
23 Jun 2019
TL;DR: The proposal is to use stack-based cookies for crafting fat-pointers instead of having object-based identifiers, which eliminates the use of shadow memory space, or any table to store the pointer metadata, and reduces the storage overheads by a great extent.
Abstract: In this era of IoT devices, security is very often traded off for smaller device footprint and low power consumption. Considering the exponentially growing security threats of IoT and cyber-physical systems, it is important that these devices have built-in features that enhance security. In this paper, we present Shakti-MS, a lightweight RISC-V processor with built-in support for both temporal and spatial memory protection. At run time, Shakti-MS can detect and stymie memory misuse in C and C++ programs, with minimum runtime overheads. The solution uses a novel implementation of fat-pointers to efficiently detect misuse of pointers at runtime. Our proposal is to use stack-based cookies for crafting fat-pointers instead of having object-based identifiers. We store the fat-pointer on the stack, which eliminates the use of shadow memory space, or any table to store the pointer metadata. This reduces the storage overheads by a great extent. The cookie also helps to preserve control flow of the program by ensuring that the return address never gets modified by vulnerabilities like buffer overflows. Shakti-MS introduces new instructions in the microprocessor hardware, and also a modified compiler that automatically inserts these new instructions to enable memory protection. This co-design approach is intended to reduce runtime and area overheads, and also provides an end-to-end solution. The hardware has an area overhead of 700 LUTs on a Xilinx Virtex Ultrascale FPGA and 4100 cells on an open 55nm technology node. The clock frequency of the processor is not affected by the security extensions, while there is a marginal increase in the code size by 11% with an average runtime overhead of 13%.

14 citations


Cited by
Proceedings Article
19 Apr 2021
TL;DR: In-Fat Pointer as mentioned in this paper improves the protection granularity of tagged-pointer schemes using object metadata, which is efficient and binary-compatible for object-bound spatial safety, and uses three complementary object metadata schemes to reduce the number of pointer tag bits needed for metadata lookup.
Abstract: Programming languages like C and C++ are not memory-safe because they provide programmers with low-level pointer manipulation primitives. The incorrect use of these primitives can result in bugs and security vulnerabilities: for example, spatial memory safety errors can be caused by dereferencing pointers outside the legitimate address range belonging to the corresponding object. While a range of schemes to provide protection against these vulnerabilities have been proposed, they all suffer from the lack of one or more of low performance overhead, compatibility with legacy code, or comprehensive protection for all objects and subobjects. We present In-Fat Pointer, the first hardware-assisted defense that can achieve spatial memory safety at subobject granularity while maintaining compatibility with legacy code and low overhead. In-Fat Pointer improves the protection granularity of tagged-pointer schemes using object metadata, which is efficient and binary-compatible for object-bound spatial safety. Unlike previous work that devotes all pointer tag bits to object metadata lookup, In-Fat Pointer uses three complementary object metadata schemes to reduce the number of pointer tag bits needed for metadata lookup, allowing it to use the left-over bits, along with in-memory type metadata, to refine the object bounds to subobject granularity. We show that this approach provides practical protection of fine-grained spatial memory safety.

14 citations

Proceedings Article
24 May 2021
TL;DR: In this paper, the authors present the potential of RISC-V in security research, the way in which RISC-V can be hardened against power analysis attacks, how to implement, using RISC-V, software and hardware/software solutions for dual core lock step, and how to perform system-level testing in the RISC-V ecosystem.
Abstract: RISC-V has emerged as a viable solution in academia and industry. However, to use open source hardware for safety-critical applications, we need a deep understanding of the way in which well established mechanisms for testing and reliability could be integrated and deployed on the RISC-V ecosystem, and we need a clear knowledge on how such an ecosystem can be leveraged to improve security. This paper includes four contributions presenting the potential of RISC-V in security research, the way in which RISC-V can be hardened against power analysis attacks, how to implement, using RISC-V, software and hardware/software solutions for dual core lock step, and how to perform system-level testing in the RISC-V ecosystem.

2 citations

Journal Article
TL;DR: In this paper, the authors provide a comprehensive survey on existing works about RISC-V ISA extensions, and highlight some possible future research opportunities on the RISC-V ISA extension.
Abstract: RISC-V is an open-source and royalty-free instruction set architecture (ISA), which opens up a new era of processor innovation. RISC-V has the characteristics of modularization and extensibility, and explicitly supports domain-specific custom extensions. Nowadays, RISC-V is a popular ISA for embedded processors. However, there is still a gap between the capabilities of RISC-V and the requirements of various emerging computing scenarios (e.g., artificial intelligence, cloud computing). Recently, the RISC-V standards organization has continuously introduced new ISA extensions to meet the needs of advanced computing. There are also a variety of novel research proposed customized extensions of RISC-V for certain scenarios. As far as we know, there is a lack of a survey to systematically present the research progress of RISC-V ISA extensions. The goal of this paper is to provide a comprehensive survey on existing works about RISC-V ISA extensions. First, the application scenarios of RISC-V are introduced, and the requirements for ISA extensions are analyzed. Then, we survey the progress of official RISC-V ISA extension specification and recent research on RISC-V ISA extension. Finally, we highlight some possible future research opportunities on the RISC-V ISA extension.

1 citation

Proceedings Article
01 Sep 2019
TL;DR: It is shown that there is a fundamental design flaw in Intel MPX and all other hardware enforced pointer protection schemes that were surveyed, making all of them vulnerable to Meltdown, and a design strategy is suggested, called MSMPX, that provides hardware enforced pointer protection, while at the same time being immune to Meltdown.
Abstract: In recent years several hardware enforced pointer protection schemes have been proposed. The most notable amongst them is the Intel MPX, which can identify spatial violations at run time. Recently, it is shown that Intel MPX is vulnerable to a potent attack called Meltdown, which exploits the processor’s transient behavior during speculative execution. In this paper, we show that there is a fundamental design flaw in Intel MPX and all other hardware enforced pointer protection schemes that we surveyed, making all of them vulnerable to Meltdown. We then suggest a design strategy called MSMPX, that provides hardware enforced pointer protection, while at the same time being immune to Meltdown. We compare the hardware overheads on an OpenRISC processor and the performance overheads with respect to Intel MPX.

1 citation