Journal ArticleDOI
Hardware Assisted Buffer Protection Mechanisms for Embedded RISC-V
TL;DR: A physically unclonable function (PUF)-based randomized canary generation technique is employed that removes the need to store the sensitive canary words in memory or CPU registers, thereby being more secure, while incurring low overheads.
Abstract:
RISC-V is a promising open-source architecture that targets low-power embedded devices and system-on-chips (SoCs). However, there is a dearth of practical and low-overhead security solutions in the RISC-V architecture. Programs compiled using RISC-V toolchains are still vulnerable to code injection and code reuse attacks, such as buffer overflow and return-oriented programming (ROP). In this article, we propose two hardware-implemented security extensions to RISC-V that provide a defense mechanism against such attacks. We first employ a physically unclonable function (PUF)-based randomized canary generation technique that removes the need to store the sensitive canary words in memory or CPU registers, thereby being more secure, while incurring low overheads. We implement the proposed Canary Engine in RISC-V RocketChip with the rocket custom coprocessor (RoCC). The simulation results show 2.2% average execution overhead with a single buffer protection, while a $10\times$ increase in buffer count only increases the overhead by $1.5\times$ when protection is extended to all buffers. We further improve upon this with a dedicated security coprocessor, flow integrity extensions for embedded RISC-V (FIXER), implemented on the RoCC. FIXER enforces fine-grained control-flow integrity (CFI) of running programs on backward edges (returns) and forward edges (calls) without requiring any architectural modifications to the processor core. Compared to software-based solutions, FIXER reduces energy overhead by 60% at minimal execution time (1.5%) and area (2.9%) overheads.
Citations
Journal ArticleDOI
A Survey of Recent Advances in Edge-Computing-Powered Artificial Intelligence of Things
TL;DR: An extensive survey of an end-edge-cloud orchestrated architecture for flexible AIoT systems is presented, and the emerging technologies for AI models regarding inference and training at the edge of the network are reviewed.
Journal ArticleDOI
Hardware-Implemented Security Processing Unit for Program Execution Monitoring and Instruction Fault Self-Repairing on Embedded Systems
TL;DR: This paper presents a hardware-enhanced embedded system with the integration of a Security Processing Unit (SPU) in which integrity signature checking and checkpoint-rollback mechanisms are coupled to achieve real-time program execution monitoring and instruction fault self-repairing.
Proceedings ArticleDOI
A simple countermeasure to mitigate buffer overflow attack using minimalistic hardware-integrated software simulation for FPGA
S. Sayeeshwari, E Prabhu
TL;DR: Checking of the bounds of the buffer memory, accompanied by a minimal number of logic gates used as an encryption method, was simulated and demonstrated to function successfully as a strong countermeasure to this vulnerability.
Book ChapterDOI
Recommendation for a holistic secure embedded ISA extension
TL;DR: In this article, a holistic instruction set extension is proposed to augment the RISC-V instruction set architecture with instructions to defend against software exploitation and fault attacks on embedded systems, and the authors implement their design using the gem5 simulator system and a binary translation approach.
Journal ArticleDOI
Watchdog Monitoring for Detecting and Handling of Control Flow Hijack on RISC-V-based Binaries
TL;DR: A proof of concept in IP-CFI is presented which, when applied to a vulnerable program, mitigates ROP, and the target program incurs a run-time overhead of 1.5%.
References
Proceedings ArticleDOI
Physical unclonable functions for device authentication and secret key generation
G. Edward Suh, Srinivas Devadas
TL;DR: This work presents PUF designs that exploit inherent delay characteristics of wires and transistors that differ from chip to chip, and describes how PUFs can enable low-cost authentication of individual ICs and generate volatile secret keys for cryptographic operations.
Proceedings Article
Physical Unclonable Functions for Device Authentication and Secret Key Generation
Journal ArticleDOI
Physical one-way functions
TL;DR: The concept of fabrication complexity is introduced as a way of quantifying the difficulty of materially cloning physical systems with arbitrary internal states as primitives for physical analogs of cryptosystems.
Proceedings Article
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
Crispin Cowan, Calton Pu, Dave Maier, Heather Hinton, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, Qian Zhang
TL;DR: StackGuard is described: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties, and a set of variations on the technique that trade-off between penetration resistance and performance.
Proceedings ArticleDOI
Innovative instructions and software model for isolated execution
Frank Mckeen, Ilya Alexandrovich, Alex Berenzon, Carlos V. Rozas, Hisham Shafi, Vedvyas Shanbhogue, Uday R. Savagaonkar
TL;DR: This paper analyzes the threats and attacks to applications, then describes the ISA extension for generating a HW based container, and describes the programming model of this container.