Execution at RISC: Stealth JOP Attacks on RISC-V Applications

RISC-V is a recently developed open instruction set architecture gaining a lot of attention. To achieve a lasting security on these systems and design efficient countermeasures, a better understanding of vulnerabilities to novel and potential future attacks is mandatory. This paper demonstrates that...

Full description

Saved in:
Bibliographic Details
Published in:arXiv.org 2023-07
Main Authors: Buckwell, Loïc, Olivier, Gilles, Daniel Gracia Pérez, Kosmatov, Nikolai
Format: Article
Language:English
Subjects:
RISC
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:RISC-V is a recently developed open instruction set architecture gaining a lot of attention. To achieve a lasting security on these systems and design efficient countermeasures, a better understanding of vulnerabilities to novel and potential future attacks is mandatory. This paper demonstrates that RISC-V is sensible to Jump-Oriented Programming, a class of complex code-reuse attacks. We provide an analysis of new dispatcher gadgets we discovered, and show how they can be used together in order to build a stealth attack, bypassing existing protections. A proof-of-concept attack is implemented on an embedded web server compiled for RISC-V, in which we introduced a vulnerability, allowing an attacker to remotely read an arbitrary file from the host machine.
ISSN:2331-8422