Skip to main content
Springer Nature Link
Log in

Recommendation for a Holistic Secure Embedded ISA Extension

  • Conference paper
  • First Online:
Applied Cryptography and Network Security (ACNS 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13906))

Included in the following conference series:

Abstract

Embedded systems are a cornerstone of the ongoing digitization of our society, ranging from expanding markets around IoT and smart-X devices over to sensors in autonomous driving, medical equipment or critical infrastructures. Since a vast amount of embedded systems are safety-critical (e.g., due to their operation site), security is a necessity for their operation. However, unlike mobile, desktop, and server systems, where adversaries typically only act have remote access, embedded systems typically face attackers with physical access. Thus embedded system require an additional set of defense techniques, preferably leveraging hardware acceleration to minimize the impact on their stringent operation constraints. Over the last decade numerous defenses have been explored, however, they have often been analyzed in isolation. In this work, we first systematically analyze the state of the art in defenses for both software exploitation and fault attacks on embedded systems. We then carefully design a holistic instruction set extension to augment the RISC-V instruction set architecture with instructions to deter against th e threats analyzed in this work. Moreover we implement our design using the gem5 simulator system and a binary translation approach to arm software with our instruction set extension. Finally, we evaluate performance overhead on the MiBench2 benchmark suite. Our evaluation demonstrates a ROM overhead increase of 20% to defeat the aforementioned attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. ARM: Armv8.5-A Memory Tagging Extension White Paper. ARM (2019)

    Google Scholar 

  2. Balasch, J., Gierlichs, B., Verbauwhede, I.: An in-depth and black-box characterization of the effects of clock glitches on 8-bit MCUs. In: Breveglieri, L., Guilley, S., Koren, I., Naccache, D., Takahashi, J. (eds.) 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2011, pp. 105–114. IEEE Computer Society. Tokyo, Japan (2011). https://doi.org/10.1109/FDTC.2011.9

  3. Barry, T., Couroussé, D., Robisson, B.: Compilation of a countermeasure against instruction-skip fault attacks. In: Palkovic, M., Agosta, G., Barenghi, A., Koren, I., Pelosi, G. (eds.) In: Proceedings of the 3rd Workshop on Cryptography and Security in Computing Systems, CS2@HiPEAC, Prague, pp. 1–6. ACM Czech Republic (2016). https://doi.org/10.1145/2858930.2858931

  4. Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK families of lightweight block ciphers. IACR Cryptol. ePrint Arch., p. 404 (2013). http://eprint.iacr.org/2013/404

  5. Bradbury, A., Ferris, G., Mullins, R.: Tagged memory and minion cores in the lowRISC SoC. University of Cambridge, Memo (2014)

    Google Scholar 

  6. Burow, N., Zhang, X., Payer, M.: Shining light on shadow stacks. CoRR abs/1811.03165 (2018). http://arxiv.org/abs/1811.03165

  7. Christoulakis, N., Christou, G., Athanasopoulos, E., Ioannidis, S.: HCFI: hardware-enforced control-flow integrity. In: Bertino, E., Sandhu, R.S., Pretschner, A. (eds.) Proceedings of the 6th ACM on Conference on Data and Application Security and Privacy, CODASPY 2016, pp. 38–49. ACM New Orleans, LA, USA (2016). https://doi.org/10.1145/2857705.2857722

  8. de Clercq, R., et al.: SOFIA: software and control flow integrity architecture. In: Fanucci, L., Teich, J. (eds.) 2016 Design, Automation Test in Europe Conference Exhibition, DATE, pp. 1172–1177. IEEE 2016, Dresden, Germany (2016). https://ieeexplore.ieee.org/document/7459489/

  9. de Clercq, R., Verbauwhede, I.: A survey of hardware-based control flow integrity (CFI). CoRR abs/1706.07257 (2017). http://arxiv.org/abs/1706.07257

  10. Cowan, C.: StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks. Rubin, A.D. (ed.) In: Proceedings of the 7th USENIX Security Symposium, 98, P. 5–5 San Antonio, TX, USA, USENIX Association (1998).https://www.usenix.org/conference/7th-usenix-security-symposium/stackguard-automatic-adaptive-detection-and-prevention

  11. Davi, L., et al.: HAFIX: hardware-assisted flow integrity extension. In: Proceedings of the 52nd Annual Design Automation Conference, pp. 741–746 ACM. San Francisco, CA, USA (2015). https://doi.org/10.1145/2744769.2744847

  12. De, A., Basu, A., Ghosh, S., Jaeger, T.: Hardware assisted buffer protection mechanisms for embedded RISC-V. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 39(12), 4453–4465 (2020). https://doi.org/10.1109/TCAD.2020.2984407

  13. Fei, Y., Shi, Z.J.: Microarchitectural support for program code integrity monitoring in application-specific instruction set processors. In: Lauwereins, R., Madsen, J. (eds.) 2007 Design, Automation and Test in Europe Conference and Exposition, DATE 2007, pp. 815–820. EDA Consortium, San Jose, Nice, France, CA, USA (2007). https://doi.org/10.1109/DATE.2007.364391

  14. Jaloyan, G., Markantonakis, K., Akram, R.N., Robin, D., Mayes, K., Naccache, D.: Return-oriented programming on RISC-V. In: Sun, H., Shieh, S., Gu, G., Ateniese, G. (eds.) ASIA CCS ’20: The 15th ACM Asia Conference on Computer and Communications Security, Taipei, Taiwan, pp. 471–480. ACM (2020). https://doi.org/10.1145/3320269.3384738

  15. Kayaalp, M., Schmitt, T., Nomani, J., Ponomarev, D., Abu-Ghazaleh, N.B.: SCRAP: architecture for signature-based protection from code reuse attacks. In: 19th IEEE International Symposium on High Performance Computer Architecture, HPCA 2013, pp. 258–269. IEEE Computer Society Shenzhen, China (2013). https://doi.org/10.1109/HPCA.2013.6522324

  16. Kim, H., Lee, J., Pratama, D., Awaludin, A.M., Kim, H., Kwon, D.: RIMI: instruction-level memory isolation for embedded systems on RISC-V. In: IEEE/ACM International Conference on Computer Aided Design, ICCAD 2020, pp. 341–349. IEEE San Diego, CA, USA (2020). https://doi.org/10.1145/3400302.3415727

  17. Lowe-Power, J., et al.: The gem5 simulator: Version 20.0+. CoRR abs/2007.03152 (2020). https://arxiv.org/abs/2007.03152

  18. Mibench2 (2022).https://github.com/impedimentToProgress/MiBench2

  19. Ohlsson, J., Rimén, M., Gunneflo, U.: A study of the effects of transient fault injection into a 32-bit RISC with built-in watchdog. In: Digest of Papers: FTCS-22, The 22nd Annual International Symposium on Fault-Tolerant Computing, Boston, Massachusetts, pp. 316–325. USA IEEE Computer Society (1992). https://doi.org/10.1109/FTCS.1992.243569

  20. Rodríguez, F., Campelo, J., Serrano, J.J.: A Watchdog Processor Architecture with Minimal Performance Overhead. In: Anderson, S., Felici, M., Bologna, S. (eds.) SAFECOMP 2002. LNCS, vol. 2434, pp. 261–272. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45732-1_26

    Chapter  Google Scholar 

  21. Rodríguez, F., Serrano, Juan J.: Control Flow Error Checking with ISIS. In: Yang, L.T., Zhou, X., Zhao, W., Wu, Z., Zhu, Y., Lin, Man (eds.) ICESS 2005. LNCS, vol. 3820, pp. 659–670. Springer, Heidelberg (2005). https://doi.org/10.1007/11599555_63

    Chapter  Google Scholar 

  22. Savry, O., El-Majihi, M., Hiscock, T.: Confidaent: control flow protection with instruction and data authenticated encryption. In: 23rd Euromicro Conference on Digital System Design, pp. 246–253. IEEE DSD 2020, Kranj, Slovenia, (2020). https://doi.org/10.1109/DSD51259.2020.00048

  23. Security, Q.P.: Pointer Authentication on ARMv8.3 - Design and Analysis of the New Software Security Instructions. Qualcomm Technologies, Inc. (2017)

    Google Scholar 

  24. Selmke, B., Hauschild, F., Obermaier, J.: Peak clock: Fault injection into PLL-Based systems via clock manipulation. In: Chang, C., Rührmair, U., Holcomb, D.E., Schaumont, P. (eds.) In: Proceedings of the 3rd ACM Workshop on Attacks and Solutions in Hardware Security Workshop, ASHES@CCS 2019, pp. 85–94. ACM London, UK, (2019). https://doi.org/10.1145/3338508.3359577

  25. Shanbhogue, V., Gupta, D., Sahita, R.: Security analysis of processor instruction set architecture for enforcing control-flow integrity. In: Proceedings of the 8th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP@ISCA 2019, pp. 801–811. ACM (2019). https://doi.org/10.1145/3337167.3337175

  26. Spensky, C., et al.: Glitching demystified: Analyzing control-flow-based glitching attacks and defenses. In: 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2021, pp. 400–412. IEEE Taipei, Taiwan, (2021). https://doi.org/10.1109/DSN48987.2021.00051

  27. Werner, M., Schilling, R., Unterluggauer, T., Mangard, S.: Protecting RISC-V processors against physical attacks. In: Teich, J., Fummi, F. (eds.) Design, Automation Test in Europe Conference Exhibition, DATE 2019, pp. 1136–1141. IEEE Florence, Italy (2019). https://doi.org/10.23919/DATE.2019.8714811

  28. Werner, M., Wenger, E., Mangard, S.: Protecting the Control Flow of Embedded Processors against Fault Attacks. In: Homma, N., Medwed, M. (eds.) CARDIS 2015. LNCS, vol. 9514, pp. 161–176. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31271-2_10

    Chapter  Google Scholar 

  29. Wilken, K.D., Shen, J.P.: Continuous signature monitoring: Efficient concurrent-detection of processor control errors. In: Proceedings International Test Conference, pp. 914–925. IEEE Computer Society. Washington, D.C., USA, (1988). https://doi.org/10.1109/TEST.1988.207880

  30. Witteman, M., Oostdijk, M.: Secure application programming in the presence of side channel attacks. In: RSA conference. (2008)

    Google Scholar 

  31. Woodruff, J., et al.: CHERI concentrate: Practical compressed capabilities. IEEE Trans. Computers 68(10), 1455–1469 (2019). https://doi.org/10.1109/TC.2019.2914037

  32. Woodruff, J., et al.: The CHERI capability model: Revisiting RISC in an age of risk. In: ACM/IEEE 41st International Symposium on Computer Architecture, ISCA 2014, pp. 457–468. IEEE Computer Society. Minneapolis, MN, USA, (2014). https://doi.org/10.1109/ISCA.2014.6853201

  33. Yuce, B., Ghalaty, N.F., Deshpande, C., Patrick, C., Nazhandali, L., Schaumont, P.: FAME: fault-attack aware microprocessor extensions for hardware fault detection and software fault response. In: Proceedings of the Hardware and Architectural Support for Security and Privacy 2016, HASP@ICSA, pp. 81–88. ACM Seoul, Republic of Korea (2016). https://doi.org/10.1145/2948618.2948626

  34. Zhu, G., Tyagi, A.: Protection against indirect overflow attacks on pointers. In: Cole, J.L., Wolthusen, S.D. (eds.) In: Proceedings of the 2nd IEEE International Workshop on Information Assurance (IWIA’04), pp. 97–106. IEEE Computer Society Charlotte, North Carolina, USA(2004). https://doi.org/10.1109/IWIA.2004.1288041

Download references

Acknowledgments

We would like to thank our anonymous reviewers for their constructive feedback. The work described in this paper has been supported by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) through the project RAINCOAT (440059533), by the DFG through Germany’s Excellence Strategy - EXC 2092 CASA - 390781972, and by the German Federal Ministry of Education and Research (BMBF) through the project FlexKI (01IS22086I).

Author information

Authors and Affiliations

  1. Ruhr-Universität Bochum, Bochum, Germany

    Florian Stolz, Pascal Sasdrich & Tim Güneysu

  2. Max Planck Institute for Security and Privacy, Bochum, Germany

    Marc Fyrbiak

  3. emproof GmbH, Bochum, Germany

    Marc Fyrbiak

Authors
  1. Florian Stolz
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Marc Fyrbiak
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pascal Sasdrich
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Tim Güneysu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Florian Stolz .

Editor information

Editors and Affiliations

  1. NTT Social Informatics Laboratories, Tokyo, Japan

    Mehdi Tibouchi

  2. Indiana University at Bloomington, Bloomington, IN, USA

    XiaoFeng Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Stolz, F., Fyrbiak, M., Sasdrich, P., Güneysu, T. (2023). Recommendation for a Holistic Secure Embedded ISA Extension. In: Tibouchi, M., Wang, X. (eds) Applied Cryptography and Network Security. ACNS 2023. Lecture Notes in Computer Science, vol 13906. Springer, Cham. https://doi.org/10.1007/978-3-031-33491-7_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-33491-7_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-33490-0

  • Online ISBN: 978-3-031-33491-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics