Proceedings Article

Shakti-T: A RISC-V Processor with Light Weight Security Extensions

TL;DR: This work presents a unified hardware framework for handling spatial and temporal memory attacks with a RISC-V based micro-architecture with an enhanced application binary interface that enables software layers to use these features to protect sensitive data.
Abstract: With increased usage of compute cores for sensitive applications, including e-commerce, there is a need to provide additional hardware support for securing information from memory-based attacks. This work presents a unified hardware framework for handling spatial and temporal memory attacks. The paper integrates the proposed hardware framework with a RISC-V based micro-architecture with an enhanced application binary interface that enables software layers to use these features to protect sensitive data. We demonstrate the effectiveness of the proposed scheme through practical case studies in addition to taking the design through a VLSI CAD design flow. The proposed processor reduces the metadata storage overhead up to 4x in comparison with the existing solutions, while incurring an area overhead of just 1914 LUTs and 2197 flip-flops on an FPGA, without affecting the critical path delay of the processor.
Citations
Proceedings Article
25 Mar 2019
TL;DR: RiskiM, a new hardware-based monitoring platform to ensure kernel integrity from outside the host system, is introduced and experiments show that RiskiM succeeds in the host kernel protection by detecting even the advanced attacks which could circumvent previous solutions, yet suffering from virtually no aforementioned side effects.
Abstract: The OS kernel is typically the assumed trusted computing base in a system. Consequently, when they try to protect the kernel, developers often build their solutions in a separate secure execution environment externally located and protected by special hardware. Due to limited visibility into the host system, the external solutions basically all entail the semantic gap problem which can be easily exploited by an adversary to circumvent them. Thus, for complete kernel protection against such adversarial exploits, previous solutions resorted to aggressive techniques that usually come with various adverse side effects, such as high performance overhead, kernel code modifications and/or excessively complicated hardware designs. In this paper, we introduce RiskiM, our new hardware-based monitoring platform to ensure kernel integrity from outside the host system. To overcome the semantic gap problem, we have devised a hardware interface architecture, called PEMI, by which RiskiM is supplied with all internal states of the host system essential for fulfilling its monitoring task to protect the kernel even in the presence of attacks exploiting the semantic gap between the host and RiskiM. To empirically validate the security strength and performance of our monitoring platform in existing systems, we have fully implemented RiskiM in a RISC-V system. Our experiments show that RiskiM succeeds in the host kernel protection by detecting even the advanced attacks which could circumvent previous solutions, yet suffering from virtually no aforementioned side effects.

7 citations


Cites background from "Shakti-T: A RISC-V Processor with L..."

  • ..., extensively modified core microarchitecture and ISA, efficiently provides a SEE for various security solutions, such as taint tracking and memory safety [30]–[32]....


Proceedings Article
01 Aug 2018
TL;DR: This paper describes a tool for exploring RISC-V projects that provides a web-interface for executing C/C++ code, tests, and benchmarks and is packaged with interactive tutorials for extending, modifying, and reproducing the work.
Abstract: The RISC-V specification is a highly flexible specification for low-cost processors. The RISC-V ISA is royalty free, vendor agnostic, easily portable between development environments, and highly flexible to match the demands of an application. These characteristics make RISC-V a natural ISA choice for an FPGA soft processor and this has led to widespread adoption in academia and industry. However, the sheer number of RISC-V projects can be daunting for potential users. This paper describes a tool for exploring RISC-V projects. Our tool provides a web-interface for executing C/C++ code, tests, and benchmarks. Our tool is packaged with interactive tutorials for extending, modifying, and reproducing our work.

6 citations


Cites background from "Shakti-T: A RISC-V Processor with L..."

  • ...More targeted research projects have tested security extensions [20], [21], [22] while others have sought smallest implementation size [9], [23], or highest performance [17]....


Proceedings Article
10 Apr 2020
TL;DR: This paper presents a simplified architecture of a fully synthesizable 32-bit processor "bitRISC" based on the open-source RISC-V (RV32I) ISA, and also introduces two new RISC-V BMIs implemented on the designed processor, targeted for low-cost embedded/IoT systems to optimize power, cost and design complexity.
Abstract: Consumer electronic computational devices require an efficient system, having minimal cost and power consumption, with high energy efficiency and security. RISC-V is a widely accepted Instruction Set Architecture (ISA) due to its compatibility with direct native hardware implementation rather than simulations and has support for extensive ISA extensions with specialized variants. Bit Manipulation Instructions (BMIs) were introduced by ARM and Intel to improve the runtime efficiency and power dissipation of the program. Although the RISC-V ISA is popular, it currently supports only two basic BMIs. This paper presents a simplified architecture of a fully synthesizable 32-bit processor "bitRISC" based on the open-source RISC-V (RV32I) ISA and also introduces two new RISC-V BMIs, implemented on our designed processor, targeted for low-cost embedded/IoT systems to optimize power, cost and design complexity. The "bitRISC" is a single-cycle processor designed using Verilog HDL and our simplified architecture and is further prototyped on a "ZedBoard" FPGA.

6 citations


Cites background from "Shakti-T: A RISC-V Processor with L..."

  • ...According to the value of slsel the result gets written to Register file at address given by rd, because write enable for register file is also high....


  • ...SW R8, 4(R0) store Mem[Reg[R0] + (4)] = Reg[8] The processor was tested at different modules by having dedicated Test-Benches for each module to verify the correctness of its architecture and result of the system thereby increasing the Robustness of the model....


  • ...grup R8, R5, R1 group R5 according to R1 and store in R8 SW R8, 4(R0) store Mem[Reg[R0] + (4)] <= Reg[8]...


  • ...The pcsel, bsel, slsel acts as the select lines for the next value of PC, for 2nd operand to ALU (B-select Block), for inputs to Register-file (Store Logic Block), respectively....


  • ...The Register file module contains an array of 32 general-purpose registers of width 32-bits each from R0 to R31....


Proceedings Article
10 Dec 2020
TL;DR: SRACARE as mentioned in this paper is a framework that utilizes the custom lightweight, secure communication protocol that performs remote/local attestation, and secure boot with an onboard resilience recovery mechanism to protect the devices from the above-mentioned attacks.
Abstract: Recent technological advancements have enabled proliferated use of small embedded and IoT devices for collecting, processing, and transferring the security-critical information and user data. This exponential use has acted as a catalyst in the recent growth of sophisticated attacks such as the replay, man-in-the-middle, and malicious code modification to slink, leak, tweak or exploit the security-critical information in malevolent activities. Therefore, secure communication and software state assurance (at run-time and boot-time) of the device has emerged as open security problems. Furthermore, these devices need to have an appropriate recovery mechanism to bring them back to the known-good operational state. Previous researchers have demonstrated independent methods for attack detection and safeguard. However, the majority of them lack in providing onboard system recovery and secure communication techniques. To bridge this gap, this manuscript proposes SRACARE - a framework that utilizes the custom lightweight, secure communication protocol that performs remote/local attestation, and secure boot with an onboard resilience recovery mechanism to protect the devices from the above-mentioned attacks. The prototype employs an efficient lightweight, low-power 32-bit RISC-V processor, secure communication protocol, code authentication, and resilience engine running on the Artix 7 Field Programmable Gate Array (FPGA) board. This work presents the performance evaluation and state-of-the-art comparison results, which shows promising resilience to attacks and demonstrate the novel protection mechanism with onboard recovery. The framework achieves these with only 8% performance overhead and a very small increase in hardware-software footprint.

6 citations

Journal Article
TL;DR: An intelligent security monitoring system with real-time detection, tracking, and identification functions through hardware and software collaborative design and a video downsampling technique to achieve better video display effects under limited hardware resources is built.
Abstract: With the development of the economy and society, the demand for social security and stability increases. However, traditional security systems rely too much on human resources and are affected by uncontrollable community security factors. An intelligent security monitoring system can overcome the limitations of traditional systems and save human resources, contributing to public security. To build this system, a RISC-V SoC is first designed in this paper and implemented on the Nexys-Video Artix-7 FPGA. Then, the Linux operating system is transplanted and successfully run. Meanwhile, the driver of related hardware devices is designed independently. After that, three OpenCV-based object detection models including YOLO (You Only Look Once), Haar (Haar-like features), and LBP (Local Binary Pattern) are compared, and the LBP model is chosen to design applications. Finally, the processing speed of 1.25 s per frame is realized to detect and track moving objects. To sum up, we build an intelligent security monitoring system with real-time detection, tracking, and identification functions through hardware and software collaborative design. This paper also proposes a video downsampling technique. Based on this technique, the BRAM resource usage on the hardware side is reduced by 50% and the amount of pixel data that needs to be processed on the software side is reduced by 75%. A video downsampling technology is also proposed in this paper to achieve better video display effects under limited hardware resources. It provides conditions for future function expansion and improves the models’ processing speed. Additionally, it reduces the run time of the application and improves the system performance.

5 citations

References
Proceedings Article
26 Jan 1998
TL;DR: StackGuard is described: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties, and a set of variations on the technique that trade-off between penetration resistance and performance.
Abstract: This paper presents a systematic solution to the persistent problem of buffer overflow attacks. Buffer overflow attacks gained notoriety in 1988 as part of the Morris Worm incident on the Internet. While it is fairly simple to fix individual buffer overflow vulnerabilities, buffer overflow attacks continue to this day. Hundreds of attacks have been discovered, and while most of the obvious vulnerabilities have now been patched, more sophisticated buffer overflow attacks continue to emerge. We describe StackGuard: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties. Privileged programs that are recompiled with the StackGuard compiler extension no longer yield control to the attacker, but rather enter a fail-safe state. These programs require no source code changes at all, and are binary-compatible with existing operating systems and libraries. We describe the compiler technique (a simple patch to gcc), as well as a set of variations on the technique that trade-off between penetration resistance and performance. We present experimental results of both the penetration resistance and the performance impact of this technique.

1,536 citations


Additional excerpts

  • ...Some of the proposed solutions include: stack canaries [8]; encryption of the code pointer [9]; storing the return address in a shadow stack [11, 33, 12]; re-arranging argument locations, return addresses, previous frame pointers and local variables [34]; control flow integrity checks [1]; and, Address Space Layout Randomization (ASLR) [31]....


Proceedings Article
28 Oct 2007
TL;DR: A return-into-libc attack to be mounted on x86 executables that calls no functions at all is presented, and how to discover such instruction sequences by means of static analysis is shown.
Abstract: We present new techniques that allow a return-into-libc attack to be mounted on x86 executables that calls no functions at all. Our attack combines a large number of short instruction sequences to build gadgets that allow arbitrary computation. We show how to discover such instruction sequences by means of static analysis. We make use, in an essential way, of the properties of the x86 instruction set.

1,367 citations


"Shakti-T: A RISC-V Processor with L..." refers background in this paper

  • ...As the manifestations of buffer-overflow evolved over time, such as return-to-libc [30] and Return Oriented Programming (ROP) [29], several software defined solutions came into existence....


Journal Article
01 Jul 2003
TL;DR: The Slammer worm spread so quickly that human response was ineffective, and why was it so effective and what new challenges do this new breed of worm pose?
Abstract: The Slammer worm spread so quickly that human response was ineffective. In January 2003, it packed a benign payload, but its disruptive capacity was surprising. Why was it so effective and what new challenges do this new breed of worm pose?

1,070 citations


"Shakti-T: A RISC-V Processor with L..." refers methods in this paper

  • ...Researchers have also found several ways to exploit this vulnerability, such as the blaster worm [5] and the slammer worm [21] which have been used to perform Distributed Denial of Service attacks within a network....


Proceedings Article
07 Nov 2005
TL;DR: Control-Flow Integrity provides a useful foundation for enforcing further security policies, as it is demonstrated with efficient software implementations of a protected shadow call stack and of access control for memory regions.
Abstract: Current software attacks often build on exploits that subvert machine-code execution. The enforcement of a basic safety property, Control-Flow Integrity (CFI), can prevent such attacks from arbitrarily controlling program behavior. CFI enforcement is simple, and its guarantees can be established formally even with respect to powerful adversaries. Moreover, CFI enforcement is practical: it is compatible with existing software and can be done efficiently using software rewriting in commodity systems. Finally, CFI provides a useful foundation for enforcing further security policies, as we demonstrate with efficient software implementations of a protected shadow call stack and of access control for memory regions.

992 citations


Additional excerpts

  • ...Some of the proposed solutions include: stack canaries [8]; encryption of the code pointer [9]; storing the return address in a shadow stack [11, 33, 12]; re-arranging argument locations, return addresses, previous frame pointers and local variables [34]; control flow integrity checks [1]; and, Address Space Layout Randomization (ASLR) [31]....


01 Jan 1996

951 citations


"Shakti-T: A RISC-V Processor with L..." refers background in this paper

  • ...One of the most popular forms of spatial memory attacks is buffer-overflow [28]....
