Bratter: An Instruction Set Extension for Forward Control-Flow Integrity in RISC-V

Park, Seonghwan; Kang, Dongwook; Kang, Jeonghwan; Kwon, Donghyun

doi:10.3390/s22041392

Cited by 4 publications

(4 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Unlike [51], Shakti-MS does not need additional tables or tag bits to store pointer metadata, which can effectively reduce hardware complexity and storage overhead. Park et al [52] proposed Bratter for forward control flow integrity solution. Batter contains a dedicated CSR Register Branch Tag register and two new instructions for this register.…”

Section: H Securitymentioning

confidence: 99%

RISC-V Instruction Set Architecture Extensions: A Survey

Cui

Qian

2023

IEEE Access

View full text Add to dashboard Cite

RISC-V is an open-source and royalty-free instruction set architecture (ISA), which opens up a new era of processor innovation. RISC-V has the characteristics of modularization and extensibility, and explicitly supports domain-specific custom extensions. Nowadays, RISC-V is a popular ISA for embedded processors. However, there is still a gap between the capabilities of RISC-V and the requirements of various emerging computing scenarios (e.g., artificial intelligence, cloud computing). Recently, the RISC-V standards organization has continuously introduced new ISA extensions to meet the needs of advanced computing. There are also a variety of novel research proposed customized extensions of RISC-V for certain scenarios. As far as we know, there is a lack of a survey to systematically present the research progress of RISC-V ISA extensions. The goal of this paper is to provide a comprehensive survey on existing works about RISC-V ISA extensions. First, the application scenarios of RISC-V are introduced, and the requirements for ISA extensions are analyzed. Then, we survey the progress of official RISC-V ISA extension specification and recent research on RISC-V ISA extension. Finally, we highlight some possible future research opportunities on the RISC-V ISA extension.INDEX TERMS RISC-V, instruction set architecture, extensions, survey.

show abstract

Section: H Securitymentioning

confidence: 99%

RISC-V Instruction Set Architecture Extensions: A Survey

Cui

Qian

2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Currently, CFI in a processor can be achieved in both Software [29], [30], [31], [32], [33], [34], [35] and hardware. BCI-CFI [34], an implementation of software-based finegrained CFI on the Linux kernel, exhibited an average execution overhead of 19.67%, with the peak overhead attaining 31.2% in test programs.…”

Section: B the Current State Of Defense Against Code Reuse Attacksmentioning

confidence: 99%

“…In Table V, a succinct overview of the instruction tracking modules, namely PTM [30], Intel Processor Trace, and TE [41], employed within the current processor ecosystem is provided. Upon comparative analysis of these methodologies, it becomes evident that FastCFI [37] emerges as a frontrunner in terms of performance.…”

Section: Instruction Tracking Detectionmentioning

confidence: 99%

Hardware-Based Software Control Flow Integrity: Review on the State-of-the-Art Implementation Technology

Li,

Wang,

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Code reuse attacks (CRA) represent a type of control flow hijacking that attackers exploit to manipulate the standard program execution path, resulting in abnormal processor behaviors. In response to the security concern, proposals for Control Flow Integrity (CFI) verification have emerged. The CFI scheme diligently monitors program jumps during execution, effectively restraining abnormal program execution and robustly safeguarding against CRA. This paper provides a comprehensive analysis and synthesis of the current state of hardware-based CFI implementations. In this survey, we initially discuss common attack methods and variations of predominant CRA, elucidating the general procedural steps intrinsic to such attacks. We delve into the protective capacities inherent in contemporary hardware-based CFI implementations. By conducting a thorough examination and organization of diverse research endeavors on hardware-based CFI, we systematically classify CFI based on implementation methodologies, including label verification, instruction encryption, stack edge detection, instruction tracing, sensitive data isolation, and basic block validation. We provide comprehensive explanations and critical evaluations for each category followed by comparative analyses while offering personal insights on the evolution of hardware-based CFI.INDEX TERMS Code reuse attacks, Control Flow Integrity, Hardware-based CFI implementations.

show abstract

“…RIMI [4] duplicates memory access instructions and defines domains from which these instructions can be used specifically. Bratter [16] defines a control-flow integrity mechanism purely based on the hints available and a CSR. Stolz et al [17] add instructions to hash and verify the integrity of basic blocks as well as encode and decode code and data pointers.…”

Section: Memory Isolationmentioning

confidence: 99%

JIT Compiler Security through Low-Cost RISC-V Extension

Ducasse

Cotret

Lagadec

2023

2023 IEEE International Parallel and Distributed Processing Symposium Workshops (IPDPSW)

View full text Add to dashboard Cite

Language Virtual Machines (VM) need to be extremely efficient and hence use complex engines such as a JIT compiler to speed up the usual bytecode interpretation loop. Their usage of low-level and security-critical tasks make them targets of choice. Enforcing low-cost fine-grained memory isolation has been an important research focus as a countermeasure to the most advanced JIT attacks. Memory isolation splits the components of an application with controlled communication and verified access to other resources. We present how custom instructions linked to hardware-enforced domain-checking could protect JIT code and data. We present incremental solutions and their corresponding custom instructions. The generated machine code and extended RISC-V Rocket come at a low-cost both in performance and intrusiveness.

show abstract

Bratter: An Instruction Set Extension for Forward Control-Flow Integrity in RISC-V

Cited by 4 publications

References 26 publications

RISC-V Instruction Set Architecture Extensions: A Survey

RISC-V Instruction Set Architecture Extensions: A Survey

Hardware-Based Software Control Flow Integrity: Review on the State-of-the-Art Implementation Technology

JIT Compiler Security through Low-Cost RISC-V Extension

Contact Info

Product

Resources

About