FIXER: Flow Integrity Extensions for Embedded RISC-V

Asmit De (a), Aditya Basu (b), Swaroop Ghosh (c) and Trent Jaeger (d)
School of EECS, The Pennsylvania State University, University Park, USA
(a) asmit@psu.edu
(b) aditya.basu@psu.edu
(c) szg212@psu.edu
(d) trj1@psu.edu

ABSTRACT


With the recent proliferation of Internet of Things (IoT) and embedded devices, there is a growing need to develop a security framework to protect such devices. RISC-V is a promising open-source architecture that targets low-power embedded devices and SoCs. However, there is a dearth of practical and low-overhead security solutions in the RISC-V architecture. Programs compiled using RISC-V toolchains are still vulnerable to code injection and code reuse attacks such as buffer overflow and return-oriented programming (ROP). In this paper, we propose FIXER, a hardware-implemented security extension to RISC-V that provides a defense mechanism against such attacks. FIXER enforces fine-grained control-flow integrity (CFI) of running programs on backward edges (returns) and forward edges (calls) without requiring any architectural modifications to the RISC-V processor core. We implement FIXER on RocketChip, a RISC-V SoC platform, by leveraging the integrated Rocket Custom Coprocessor (RoCC) to detect and prevent attacks. Compared to existing software-based solutions, FIXER reduces energy overhead by 60% at minimal execution time (1.5%) and area (2.9%) overheads.

Keywords: Buffer overflow, ROP, Shadow Stack, RISC-V.


