Proceedings Article

Shakti-T: A RISC-V Processor with Light Weight Security Extensions

25 Jun 2017-pp 2
TL;DR: This work presents a unified hardware framework for handling spatial and temporal memory attacks with a RISC-V based micro-architecture with an enhanced application binary interface that enables software layers to use these features to protect sensitive data.
Abstract: With increased usage of compute cores for sensitive applications, including e-commerce, there is a need to provide additional hardware support for securing information from memory based attacks. This work presents a unified hardware framework for handling spatial and temporal memory attacks. The paper integrates the proposed hardware framework with a RISC-V based micro-architecture with an enhanced application binary interface that enables software layers to use these features to protect sensitive data. We demonstrate the effectiveness of the proposed scheme through practical case studies in addition to taking the design through a VLSI CAD design flow. The proposed processor reduces the metadata storage overhead up to 4× in comparison with the existing solutions, while incurring an area overhead of just 1914 LUTs and 2197 flip flops on an FPGA, without affecting the critical path delay of the processor.
Topics: Overhead (computing) (56%), Application binary interface (52%), Field-programmable gate array (52%), RISC-V (52%), Design flow (51%)
Citations

Proceedings Article
06 Mar 2019-
TL;DR: A lightweight hardware-based secure boot architecture that incorporates an optimized Physical Unclonable Function (PUF) for providing keys to the security blocks of the System on Chip (SoC), among which, secure boot and remote attestation are presented.
Abstract: Securing thousands of connected, resource-constrained computing devices is a major challenge nowadays. Adding to the challenge, third party service providers need regular access to the system. To ensure the integrity of the system and authenticity of the software vendor, secure boot is supported by several commercial processors. However, the existing solutions are either complex, or have been compromised by determined attackers. In this scenario, open-source secure computing architectures are poised to play an important role for designers and white hat attackers. In this manuscript, we propose a lightweight hardware-based secure boot architecture. The architecture uses efficient implementation of Elliptic Curve Digital Signature Algorithm (ECDSA), Secure Hash Algorithm 3 (SHA3) hashing algorithm and Direct Memory Access (DMA). In addition, the architecture includes Key Management Unit, which incorporates an optimized Physical Unclonable Function (PUF) for providing keys to the security blocks of the System on Chip (SoC), among which, secure boot and remote attestation. We demonstrated the framework on RISC-V based SoC. Detailed analysis of performance and security for the platform is presented.

16 citations


Cites background from "Shakti-T: A RISC-V Processor with L..."

  • ...Shakti-T [8] employs the concept of base and bounds to ensure that pointers access only valid memory regions....

    [...]


Journal Article
TL;DR: A hardware-based countermeasure against return address corruption in the processor stack is proposed and validated on the OpenRISC core with a minimal hardware modification of the targeted core and an easy integration at the application level.
Abstract: With the emergence of Internet of Things, embedded devices are increasingly the target of software attacks. The aim of these attacks is to maliciously modify the behavior of the software being executed by the device. The work presented in this letter has been developed for the Cyber Security Awareness Week Embedded Security Challenge. This contest focuses on memory corruption issues, such as stack overflow vulnerabilities. These low level vulnerabilities are the result of code errors. Once exploited, they allow an attacker to write arbitrary data in memory without limitations. We detail in this letter a hardware-based countermeasure against return address corruption in the processor stack. First, several exploitation techniques targeting stack return addresses are discussed, whereas a lightweight hardware countermeasure is proposed and validated on the OpenRISC core. The countermeasure presented follows the shadow stack concept with a minimal hardware modification of the targeted core and an easy integration at the application level.

11 citations


Cites background or methods from "Shakti-T: A RISC-V Processor with L..."

  • ...On the other hand, ISA extensions such as Shakti-T [9] and Watchdog Lite [10] aim at mitigating pointer hijacking....

    [...]

  • ...First, those that use specific toolchains, compilers [9], [10] or library to adapt an applica-...

    [...]

  • ...To identify pointers, Shakti-T, and Watchdog Lite need to instrument the code in advance using compiler modification....

    [...]


Proceedings Article
30 May 2020-
TL;DR: Xuantie-910 is an industry leading 64-bit high performance embedded RISC-V processor from Alibaba T-Head division that features custom extensions to arithmetic operation, bit manipulation, load and store, TLB and cache operations, and implements the 0.7.1 stable release of RISC-V vector extension specification for high efficiency vector processing.
Abstract: The open source RISC-V ISA has been quickly gaining momentum. This paper presents Xuantie-910, an industry leading 64-bit high performance embedded RISC-V processor from Alibaba T-Head division. It is fully based on the RV64GCV instruction set and it features custom extensions to arithmetic operation, bit manipulation, load and store, TLB and cache operations. It also implements the 0.7.1 stable release of RISC-V vector extension specification for high efficiency vector processing. Xuantie-910 supports multi-core multi-cluster SMP with cache coherence. Each cluster contains 1 to 4 core(s) capable of booting the Linux operating system. Each single core utilizes the state-of-the-art 12-stage deep pipeline, out-of-order, multi-issue superscalar architecture, achieving a maximum clock frequency of 2.5 GHz in the typical process, voltage and temperature condition in a TSMC 12nm FinFET process technology. Each single core with the vector execution unit costs an area of 0.8 mm2 (excluding the L2 cache). The toolchain is enhanced significantly to support the vector extension and custom extensions. Through hardware and toolchain co-optimization, to date Xuantie-910 delivers the highest performance (in terms of IPC, speed, and power efficiency) for a number of industrial control flow and data computing benchmarks, when compared with its predecessors in the RISC-V family. Xuantie-910 FPGA implementation has been deployed in the data centers of Alibaba Cloud, for application-specific acceleration (e.g., blockchain transaction). The ASIC deployment at low-cost SoC applications, such as IoT endpoints and edge computing, is planned to facilitate Alibaba's end-to-end and cloud-to-edge computing infrastructure.

10 citations


Cites background from "Shakti-T: A RISC-V Processor with L..."

  • ...Some prior arts extended RISC-V to domain-specific accelerators/coprocessors [22], [27]–[29]....

    [...]


Proceedings Article
23 Jun 2019-
TL;DR: The proposal is to use stack-based cookies for crafting fat-pointers instead of having object-based identifiers, which eliminates the use of shadow memory space, or any table to store the pointer metadata, and reduces the storage overheads by a great extent.
Abstract: In this era of IoT devices, security is very often traded off for smaller device footprint and low power consumption. Considering the exponentially growing security threats of IoT and cyber-physical systems, it is important that these devices have built-in features that enhance security. In this paper, we present Shakti-MS, a lightweight RISC-V processor with built-in support for both temporal and spatial memory protection. At run time, Shakti-MS can detect and stymie memory misuse in C and C++ programs, with minimum runtime overheads. The solution uses a novel implementation of fat-pointers to efficiently detect misuse of pointers at runtime. Our proposal is to use stack-based cookies for crafting fat-pointers instead of having object-based identifiers. We store the fat-pointer on the stack, which eliminates the use of shadow memory space, or any table to store the pointer metadata. This reduces the storage overheads by a great extent. The cookie also helps to preserve control flow of the program by ensuring that the return address never gets modified by vulnerabilities like buffer overflows. Shakti-MS introduces new instructions in the microprocessor hardware, and also a modified compiler that automatically inserts these new instructions to enable memory protection. This co-design approach is intended to reduce runtime and area overheads, and also provides an end-to-end solution. The hardware has an area overhead of 700 LUTs on a Xilinx Virtex Ultrascale FPGA and 4100 cells on an open 55nm technology node. The clock frequency of the processor is not affected by the security extensions, while there is a marginal increase in the code size by 11% with an average runtime overhead of 13%.

8 citations


Cites background or methods from "Shakti-T: A RISC-V Processor with L..."

  • ...Although [23] enhances a RISC-V processor to efficiently implement memory checks, the software support required for [23] is extremely complex....

    [...]

  • ...On the other hand, hardware solutions like [23, 25] reduce the run time overhead at the cost of hardware complexity....

    [...]

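  • ...

    | | Safety Check (Spatial) | Safety Check (Temporal) | Instrumentation Methods (Hardware) | Instrumentation Methods (Compiler) | Metadata Size | Performance Overheads (Hardware) | Performance Overheads (Software) |
    | --- | --- | --- | --- | --- | --- | --- | --- |
    | [33] | ✔ | × | × | ✔ | 128*n | NA | NA |
    | [27] | ✔ | ✔ | × | ✔ | 256*n + 64 | NA | 29% |
    | [25] | ✔ | ✔ | ✔ | ✔ | 256*n + 64 | NA | 25% |
    | [23] | ✔ | ✔ | ✔ | × | 64*n + 128 | 0% | NA |
    | [7] | ✔ | × | ✔ | × | 128*n | NA | 10% |
    | Shakti-MS | ✔ | ✔ | ✔ | ✔ | 128*n | 0% | 13% |

    ...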

    [...]

  • ...Further, unlike [25], we are not using any separate shadow memory space and unlike [23], there are no additional tables or tag bits that are required in the processor to store pointer metadata....

    [...]


Proceedings Article
02 Jul 2018-
TL;DR: This article focuses on devices and provides an overview of the different countermeasures that mitigate run-time attacks and exposes the perspectives and the ongoing work to make medical devices inherently more secure.
Abstract: Connected medical devices are promising in medical area. However, these devices are known to be poor in security and strongly vulnerable to code injection attacks. These attacks aim at modifying the run-time behavior of an application by violating its control flow graph. Control flow hijacking can lead hackers to remotely control medical application and endanger patient's life. This article focuses on devices and provides an overview of the different countermeasures that mitigate run-time attacks. Finally, from this state of the art, we will expose the perspectives and the ongoing work to make medical devices inherently more secure.

5 citations


Cites background from "Shakti-T: A RISC-V Processor with L..."

  • ...Shakti-T [19], WatchdogLite [20], Low-Fat Pointer [21] use both base and bound properties to ensure pointer integrity....

    [...]

  • ...Architecture Security Perspectives for Medical Devices CFI Approach CFI Level Implementation Kernel Support Lightweight Portability Support for sensitive data Adapted for IoT C-FLAT [9] Attestation H SW No M L Partial Yes LO-FAT [10] Attestation H HW No H M Partial Yes HAFIX [11] Attestation M SW/HW No H M No Yes HCFI [12] Attestation H SW/HW No H M No Yes Intel SGX [13] Isolation L SW/HW Yes L H No No Sanctum [15] Isolation L SW/HW Yes L H No No TrustZone [14] Isolation L SW/HW Yes L H No No TyTAN [17] Isolation L SW/HW RTOS H M No Yes Trustlite [16] Isolation L SW/HW RTOS H M No Yes PointGuardTM [22] Data Integrity M SW Yes M M Partial No Low-Fat Pointer [21] Data Integrity M SW/HW No M M Partial Yes Shakti-T [19] Data Integrity M SW/HW No M M Partial Yes DFI [24] Data Integrity H SW Yes L L Yes No DSR [23] Data Integrity H SW Yes L L Yes No L: Low, M: Medium, H: High...

    [...]

  • ...However, some architectures [19], [20], [21] only secure pointers and not direct data....

    [...]

  • ...For pointer integrity presented countermeasures like Shakti-T [19] or Watchdog [20] identified pointers at the compilation level....

    [...]


References

Proceedings Article
26 Jan 1998-
TL;DR: StackGuard is described: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties, and a set of variations on the technique that trade-off between penetration resistance and performance.
Abstract: This paper presents a systematic solution to the persistent problem of buffer overflow attacks. Buffer overflow attacks gained notoriety in 1988 as part of the Morris Worm incident on the Internet. While it is fairly simple to fix individual buffer overflow vulnerabilities, buffer overflow attacks continue to this day. Hundreds of attacks have been discovered, and while most of the obvious vulnerabilities have now been patched, more sophisticated buffer overflow attacks continue to emerge. We describe StackGuard: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties. Privileged programs that are recompiled with the StackGuard compiler extension no longer yield control to the attacker, but rather enter a fail-safe state. These programs require no source code changes at all, and are binary-compatible with existing operating systems and libraries. We describe the compiler technique (a simple patch to gcc), as well as a set of variations on the technique that trade-off between penetration resistance and performance. We present experimental results of both the penetration resistance and the performance impact of this technique.

1,481 citations


Additional excerpts

  • ...Some of the proposed solutions include: stack canaries [8]; encryption of the code pointer [9]; storing the return address in a shadow stack [11, 33, 12]; re-arranging argument locations, return addresses, previous frame pointers and local variables [34]; control flow integrity checks [1]; and, Address Space Layout Randomization (ASLR) [31]....

    [...]


Proceedings Article
28 Oct 2007-
TL;DR: A return-into-libc attack to be mounted on x86 executables that calls no functions at all is presented, and how to discover such instruction sequences by means of static analysis is shown.
Abstract: We present new techniques that allow a return-into-libc attack to be mounted on x86 executables that calls no functions at all. Our attack combines a large number of short instruction sequences to build gadgets that allow arbitrary computation. We show how to discover such instruction sequences by means of static analysis. We make use, in an essential way, of the properties of the x86 instruction set.

1,241 citations


"Shakti-T: A RISC-V Processor with L..." refers background in this paper

  • ...As the manifestations of buffer-overflow evolved over time, such as return-to-libc [30] and Return Oriented Programming (ROP) [29], several software defined solutions came into existence....

    [...]


Journal Article
01 Jul 2003-
TL;DR: The Slammer worm spread so quickly that human response was ineffective, and why was it so effective and what new challenges do this new breed of worm pose?
Abstract: The Slammer worm spread so quickly that human response was ineffective. In January 2003, it packed a benign payload, but its disruptive capacity was surprising. Why was it so effective and what new challenges do this new breed of worm pose?

1,053 citations


"Shakti-T: A RISC-V Processor with L..." refers methods in this paper

  • ...Researchers have also found several ways to exploit this vulnerability, such as the blaster worm [5] and the slammer worm [21] which have been used to perform Distributed Denial of Service attacks within a network....

    [...]


Proceedings Article
07 Nov 2005-
TL;DR: Control-Flow Integrity provides a useful foundation for enforcing further security policies, as it is demonstrated with efficient software implementations of a protected shadow call stack and of access control for memory regions.
Abstract: Current software attacks often build on exploits that subvert machine-code execution. The enforcement of a basic safety property, Control-Flow Integrity (CFI), can prevent such attacks from arbitrarily controlling program behavior. CFI enforcement is simple, and its guarantees can be established formally even with respect to powerful adversaries. Moreover, CFI enforcement is practical: it is compatible with existing software and can be done efficiently using software rewriting in commodity systems. Finally, CFI provides a useful foundation for enforcing further security policies, as we demonstrate with efficient software implementations of a protected shadow call stack and of access control for memory regions.

955 citations


Additional excerpts

  • ...Some of the proposed solutions include: stack canaries [8]; encryption of the code pointer [9]; storing the return address in a shadow stack [11, 33, 12]; re-arranging argument locations, return addresses, previous frame pointers and local variables [34]; control flow integrity checks [1]; and, Address Space Layout Randomization (ASLR) [31]....

    [...]


01 Jan 1996-

911 citations


"Shakti-T: A RISC-V Processor with L..." refers background in this paper

  • ...One of the most popular forms of spatial memory attacks is buffer-overflow [28]....

    [...]


Performance
Metrics
No. of citations received by the Paper in previous years
| Year | Citations |
| --- | --- |
| 2021 | 9 |
| 2020 | 5 |
| 2019 | 7 |
| 2018 | 7 |
| 2017 | 1 |
| 1975 | 1 |