Saved in:
Bibliographic Details
Main Authors: Bove, Davide, Panzer, Lukas
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2404.03771
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866911828419805184
author Bove, Davide
Panzer, Lukas
author_facet Bove, Davide
Panzer, Lukas
contents Embedded and Internet-of-Things (IoT) devices are ubiquitous today, and the uprising of several botnets based on them (e.g., Mirai, Ripple20) raises issues about the security of such devices. Especially low-power devices often lack support for modern system security measures, such as stack integrity, Non-eXecutable bits or strong cryptography. In this work, we present R5Detect, a security monitoring software that detects and prevents control-flow attacks on unmodified RISC-V standard architectures. With a novel combination of different protection techniques, it can run on embedded and low-power IoT devices, which may lack proper security features. R5Detect implements a memory-protected shadow stack to prevent runtime modifications, as well as a heuristics detection based on Hardware Performance Counters to detect control-flow integrity violations. Our results indicate that regular software can be protected against different degrees of control-flow manipulations with an average performance overhead of below 5 %. We implement and evaluate R5Detect on standard low-power RISC-V devices and show that such security features can be effectively used with minimal hardware support.
format Preprint
id arxiv_https___arxiv_org_abs_2404_03771
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle R5Detect: Detecting Control-Flow Attacks from Standard RISC-V Enclaves
Bove, Davide
Panzer, Lukas
Cryptography and Security
Embedded and Internet-of-Things (IoT) devices are ubiquitous today, and the uprising of several botnets based on them (e.g., Mirai, Ripple20) raises issues about the security of such devices. Especially low-power devices often lack support for modern system security measures, such as stack integrity, Non-eXecutable bits or strong cryptography. In this work, we present R5Detect, a security monitoring software that detects and prevents control-flow attacks on unmodified RISC-V standard architectures. With a novel combination of different protection techniques, it can run on embedded and low-power IoT devices, which may lack proper security features. R5Detect implements a memory-protected shadow stack to prevent runtime modifications, as well as a heuristics detection based on Hardware Performance Counters to detect control-flow integrity violations. Our results indicate that regular software can be protected against different degrees of control-flow manipulations with an average performance overhead of below 5 %. We implement and evaluate R5Detect on standard low-power RISC-V devices and show that such security features can be effectively used with minimal hardware support.
title R5Detect: Detecting Control-Flow Attacks from Standard RISC-V Enclaves
topic Cryptography and Security
url https://arxiv.org/abs/2404.03771