FIXER: Flow Integrity Extensions for Embedded RISC-V

Title: FIXER: Flow Integrity Extensions for Embedded RISC-V
Publication Type: Conference Paper
Year of Publication: 2019
Authors: De, Asmit; Basu, Aditya; Ghosh, Swaroop; Jaeger, Trent
Conference Name: 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE)
Keywords: Bars, buffer overflow, Buffer overflows, Code injection, code reuse attacks, composability, Computer architecture, coprocessors, data integrity, Embedded systems, fine-grained control-flow integrity, FIXER, flow integrity extensions for embedded RISC-V, Hardware, human factors, integrated Rocket Custom Coprocessor, Internet of Things, low-power embedded devices, open source architecture, program compilers, pubcrawl, reduced instruction set computing, Resiliency, return oriented programming, RISC-V, RISC-V architecture, RISC-V processor core, RISC-V SoC platform, RISC-V toolchains, Rockets, ROP, Scalability, security, security extension, security framework, security of data, shadow stack, software architecture, software reusability, system-on-chip
Abstract: With the recent proliferation of Internet of Things (IoT) and embedded devices, there is a growing need to develop a security framework to protect such devices. RISC-V is a promising open source architecture that targets low-power embedded devices and SoCs. However, there is a dearth of practical and low-overhead security solutions in the RISC-V architecture. Programs compiled using RISC-V toolchains are still vulnerable to code injection and code reuse attacks such as buffer overflow and return-oriented programming (ROP). In this paper, we propose FIXER, a hardware-implemented security extension to RISC-V that provides a defense mechanism against such attacks. FIXER enforces fine-grained control-flow integrity (CFI) of running programs on backward edges (returns) and forward edges (calls) without requiring any architectural modifications to the RISC-V processor core. We implement FIXER on RocketChip, a RISC-V SoC platform, by leveraging the integrated Rocket Custom Coprocessor (RoCC) to detect and prevent attacks. Compared to existing software-based solutions, FIXER reduces energy overhead by 60% at minimal execution time (1.5%) and area (2.9%) overheads.
Citation Key: de_fixer_2019