DeTRAP: RISC-V Return Address Protection With Debug Triggers

• URL: http://arxiv.org/abs/2408.17248v1
• Date: Fri, 30 Aug 2024 12:42:54 GMT
• Title: DeTRAP: RISC-V Return Address Protection With Debug Triggers
• Authors: Isaac Richter, Jie Zhou, John Criswell,
• Abstract summary: DeTRAP provides a write-protected shadow stack for return addresses. It requires no memory protection hardware and only minor changes to the compiler toolchain.
• Score: 20.807256514935084
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Modern microcontroller software is often written in C/C++ and suffers from control-flow hijacking vulnerabilities. Previous mitigations suffer from high performance and memory overheads and require either the presence of memory protection hardware or sophisticated program analysis in the compiler. This paper presents DeTRAP (Debug Trigger Return Address Protection). DeTRAP utilizes a full implementation of the RISC-V debug hardware specification to provide a write-protected shadow stack for return addresses. Unlike previous work, DeTRAP requires no memory protection hardware and only minor changes to the compiler toolchain. We tested DeTRAP on an FPGA running a 32-bit RISC-V microcontroller core and found average execution time overheads to be between 0.5% and 1.9% on evaluated benchmark suites with code size overheads averaging 7.9% or less.

Related papers

• Breaking Bad: How Compilers Break Constant-Time~Implementations [12.486727810118497]
  We investigate how compilers break protections introduced by defensive programming techniques. We run a large-scale experiment to see if such compiler-induced issues manifest in state-of-the-art cryptographic libraries. Our study reveals that several compiler-induced secret-dependent operations occur within some of the most highly regarded cryptographic libraries.
  arXiv  Detail & Related papers  (2024-10-17T12:34:02Z)
• Mon CHÈRI <3 Adapting Capability Hardware Enhanced RISC with Conditional Capabilities [1.9042151977387252]
  Up to 10% of memory-safety vulnerabilities in languages like C and C++ stem from und variables. This work addresses the prevalence and lack of adequate software mitigations for und memory issues. We extend the CHERI capability model to include "conditional capabilities", enabling memory-access policies based on prior operations.
  arXiv  Detail & Related papers  (2024-07-11T16:51:36Z)
• Towards Effective and Efficient Non-autoregressive Decoding Using Block-based Attention Mask [74.64216073678617]
  AMD performs parallel NAR inference within contiguous blocks of output labels concealed using attention masks. A beam search algorithm is designed to leverage a dynamic fusion of CTC, AR Decoder, and AMD probabilities. Experiments on the LibriSpeech-100hr corpus suggest the tripartite Decoder incorporating the AMD module produces a maximum decoding speed-up ratio of 1.73x.
  arXiv  Detail & Related papers  (2024-06-14T13:42:38Z)
• CAMP: Compiler and Allocator-based Heap Memory Protection [23.84729234219481]
  We present CAMP, a new sanitizer for detecting and capturing heap memory corruption. CAMP enables various compiler optimization strategies and thus eliminates redundant and unnecessary check instrumentation. Our evaluation and comparison of CAMP with existing tools, using both real-world applications and SPEC CPU benchmarks, show that it provides even better heap corruption detection capability with lower runtime overhead.
  arXiv  Detail & Related papers  (2024-06-04T19:37:41Z)
• MCUFormer: Deploying Vision Transformers on Microcontrollers with Limited Memory [76.02294791513552]
  We propose a hardware-algorithm co-optimizations method called MCUFormer to deploy vision transformers on microcontrollers with extremely limited memory. Experimental results demonstrate that our MCUFormer achieves 73.62% top-1 accuracy on ImageNet for image classification with 320KB memory.
  arXiv  Detail & Related papers  (2023-10-25T18:00:26Z)
• Harnessing Deep Learning and HPC Kernels via High-Level Loop and Tensor Abstractions on CPU Architectures [67.47328776279204]
  This work introduces a framework to develop efficient, portable Deep Learning and High Performance Computing kernels. We decompose the kernel development in two steps: 1) Expressing the computational core using Processing Primitives (TPPs) and 2) Expressing the logical loops around TPPs in a high-level, declarative fashion. We demonstrate the efficacy of our approach using standalone kernels and end-to-end workloads that outperform state-of-the-art implementations on diverse CPU platforms.
  arXiv  Detail & Related papers  (2023-04-25T05:04:44Z)
• HDCC: A Hyperdimensional Computing compiler for classification on embedded systems and high-performance computing [58.720142291102135]
  This work introduces the name compiler, the first open-source compiler that translates high-level descriptions of HDC classification methods into optimized C code. name is designed like a modern compiler, featuring an intuitive and descriptive input language, an intermediate representation (IR), and a retargetable backend. To substantiate these claims, we conducted experiments with HDCC on several of the most popular datasets in the HDC literature.
  arXiv  Detail & Related papers  (2023-04-24T19:16:03Z)
• Securing Optimized Code Against Power Side Channels [1.589424114251205]
  Security engineers often sacrifice code efficiency by turning off compiler optimization and/or performing local, post-compilation transformations. This paper proposes SecConCG, a constraint-based compiler approach that generates optimized yet secure code.
  arXiv  Detail & Related papers  (2022-07-06T12:06:28Z)
• MAPLE-Edge: A Runtime Latency Predictor for Edge Devices [80.01591186546793]
  We propose MAPLE-Edge, an edge device-oriented extension of MAPLE, the state-of-the-art latency predictor for general purpose hardware. Compared to MAPLE, MAPLE-Edge can describe the runtime and target device platform using a much smaller set of CPU performance counters. We also demonstrate that unlike MAPLE which performs best when trained on a pool of devices sharing a common runtime, MAPLE-Edge can effectively generalize across runtimes.
  arXiv  Detail & Related papers  (2022-04-27T14:00:48Z)
• CryptSan: Leveraging ARM Pointer Authentication for Memory Safety in C/C++ [0.9208007322096532]
  CryptSan is a memory safety approach based on ARM Pointer Authentication. We present a full LLVM-based prototype implementation, running on an M1 MacBook Pro. This, together with its interoperability with uninstrumented libraries and cryptographic protection against attacks on metadata, makes CryptSan a viable solution for retrofitting memory safety to C/C++ programs.
  arXiv  Detail & Related papers  (2022-02-17T14:04:01Z)
• A TinyML Platform for On-Device Continual Learning with Quantized Latent Replays [66.62377866022221]
  Latent Replay-based Continual Learning (CL) techniques enable online, serverless adaptation in principle. We introduce a HW/SW platform for end-to-end CL based on a 10-core FP32-enabled parallel ultra-low-power processor. Our results show that by combining these techniques, continual learning can be achieved in practice using less than 64MB of memory.
  arXiv  Detail & Related papers  (2021-10-20T11:01:23Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.