Article title

FIRV: A language-based control flow integrity protection for RISC-V architectures

Title variants
PL
FIRV: language-based control flow integrity protection for RISC-V architectures
Publication languages
EN
Abstracts
EN
Side-channel and fault-injection attacks (using, e.g., EM or laser pulses, or power glitching) are a major concern in the context of embedded systems, IoT devices, and cloud security. Software-implemented Hardware-fault Tolerance (SIHFT) countermeasures are the main approach to hardening systems built from Commercial Off-the-Shelf (COTS) components, in which modification of the hardware is not feasible. The research presented in this article focuses on an open-source solution for the language-based, compile-time application of SIHFT countermeasures. The proof-of-concept implementation is based on the LLVM compiler framework and is demonstrated with the Rust language frontend, which allows the use of other compiler features, such as optimisation passes and support for multiple target platforms. The results of the research are publicly available in a GitHub repository.
PL
Side-channel attacks and fault injection using an electromagnetic/laser pulse, or power glitches, are a serious problem in the context of embedded systems, IoT devices and cloud security. Software-implemented Hardware-Fault Tolerance (SIHFT) countermeasures are the main approach to hardening systems built from commercial components, in which hardware modification is not possible. The research presented in this article focuses on an open-source, language-based solution applied at compile time. The prototype implementation is based on the LLVM modular compiler project and demonstrates the use of a compiler for the Rust language, which allows the use of other compiler features, such as optimisation passes and support for multiple target platforms. The research results are publicly available in a GitHub repository.
Year
Pages
204--209
Physical description
Bibliography: 39 items, figures.
Authors
  • Wydział Informatyki i Telekomunikacji, Katedra Podstaw Informatyki, ul. Janiszewskiego 11/17, 50-372 Wrocław
  • Wydział Informatyki i Telekomunikacji, Katedra Podstaw Informatyki, ul. Janiszewskiego 11/17, 50-372 Wrocław
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-2d96c90e-1136-4f98-9bb5-0a5898b30b86