RISC-V is an emerging technology, with applications ranging from embedded devices to high-performance servers. Therefore, more and more security-critical workloads will be conducted with code that is compiled for RISC-V. Well-known microarchitectural side-channel attacks against established platforms like x86 apply to RISC-V CPUs as well. As RISC-V does not mandate any hardware-based side-channel countermeasures, a piece of code compiled for a generic RISC-V CPU in a cloud server cannot make safe assumptions about the microarchitecture on which it is running. Existing tools for aiding software-level precautions by checking side-channel vulnerabilities on source code or x86 binaries are not compatible with RISC-V machine code. In this work, we study the requirements and goals of architecture-specific leakage analysis for RISC-V and illustrate how to achieve these goals with the help of fast and precise dynamic binary analysis. We implement all necessary building blocks for finding side-channel leakages on RISC-V, while relying on existing mature solutions when possible. Our leakage analysis builds upon the modular side-channel analysis framework Microwalk, that examines execution traces for leakage through secret-dependent memory accesses or branches. To provide suitable traces, we port the ARM dynamic binary instrumentation tool MAMBO to RISC-V. Our port named MAMBO-V can instrument arbitrary binaries which use the 64-bit general purpose instruction set. We evaluate our toolchain on several cryptographic libraries with RISC-V support and identify multiple exploitable leakages.
翻译:RISC-V是新兴技术,应用范围从嵌入式设备到高性能服务器。因此,更多的安全关键负载将使用为RISC-V编译的代码来进行。已知的针对像x86这样的成熟平台的微架构侧信道攻击也适用于RISC-V CPU。由于RISC-V不要求任何基于硬件的侧信道对策,因此在云服务器上为通用RISC-V CPU编译的代码无法对运行它的微架构做出安全假设。现有的用于通过检查源代码或x86二进制文件来检查侧信道漏洞的工具与RISC-V机器码不兼容。在这项工作中,我们研究了RISC-V体系结构特定泄漏分析的要求和目标,并说明了如何利用快速和精确的动态二进制分析实现这些目标。当可能时,我们构建了查找RISC-V上侧信道泄漏所需的所有必要组件,并依赖于现有的成熟解决方案。我们的泄漏分析建立在模块化的侧信道分析框架Microwalk之上,该框架通过检查秘密相关的内存访问或分支的执行跟踪来检验泄漏。为了提供合适的跟踪,我们将ARM动态二进制插装工具MAMBO移植到RISC-V。我们的移植版MAMBO-V可以插装使用64位通用目