Hardware Assisted Buffer Protection Mechanisms for Embedded RISC-V

Asmit De, Aditya Basu, Swaroop Ghosh, Trent Jaeger

Research output: Contribution to journalArticlepeer-review

Abstract

RISC-V is a promising open-source architecture that targets low-power embedded devices and system-on-chips (SoCs). However, there is a dearth of practical and low-overhead security solutions in the RISC-V architecture. Programs compiled using RISC-V toolchains are still vulnerable to code injection and code reuse attacks, such as buffer overflow and return-oriented programming (ROP). In this article, we propose two hardware-implemented security extensions to RISC-V that provides a defense mechanism against such attacks. We first employ a physically unclonable function (PUF)-based randomized canary generation technique that removes the need to store the sensitive canary words in memory or CPU registers, thereby being more secure, while incurring low overheads. We implement the proposed Canary Engine in RISC-V RocketChip with rocket custom coprocessor (RoCC). The simulation results show 2.2% average execution overhead with a single buffer protection, while a 10times increase in buffer count only increases the overhead by 1.5times when protection is extended to all buffers. We further improve upon this with a dedicated security coprocessor flow integrity extensions for embedded RISC-V (FIXER), implemented on the RoCC. FIXER enforces fine-grained control-flow integrity (CFI) of running programs on backward edges (returns) and forward edges (calls) without requiring any architectural modifications to the processor core. Compared to software-based solutions, FIXER reduces energy overhead by 60% at minimal execution time (1.5%) and area (2.9%) overheads.

Original languageEnglish (US)
Article number9051971
Pages (from-to)4453-4465
Number of pages13
JournalIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
Volume39
Issue number12
DOIs
StatePublished - Dec 2020

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Graphics and Computer-Aided Design
  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Hardware Assisted Buffer Protection Mechanisms for Embedded RISC-V'. Together they form a unique fingerprint.

Cite this