RISC-V is an open instruction set architecture recently developed for embedded real-time systems. To achieve lasting security on these systems and design efficient countermeasures, a better understanding of their vulnerability to novel and potential future attacks is mandatory. This paper demonstrates that RISC-V is susceptible to Jump-Oriented Programming (JOP), a class of complex code-reuse attacks able to bypass existing protections. We provide a first analysis of the attack surface of RISC-V systems exploitable by such attacks, and show how the exploitable code fragments can be chained together to build a full-fledged attack. We use a conservative hypothesis on the exploited registers and instruction patterns, in an approach we call reserved registers. This approach is implemented on a vulnerable RISC-V application and successfully applied to expose an AES256 secret.