DOI: 10.1145/3316482.3326356
research-article

SHAKTI-MS: a RISC-V processor for memory safety in C

Published: 23 June 2019

Abstract

In this era of IoT devices, security is very often traded off for a smaller device footprint and low power consumption. Considering the exponentially growing security threats to IoT and cyber-physical systems, it is important that these devices have built-in features that enhance security. In this paper, we present Shakti-MS, a lightweight RISC-V processor with built-in support for both temporal and spatial memory protection. At run time, Shakti-MS can detect and stymie memory misuse in C and C++ programs with minimal runtime overhead. The solution uses a novel implementation of fat-pointers to efficiently detect misuse of pointers at runtime. Our proposal is to use stack-based cookies for crafting fat-pointers instead of object-based identifiers. We store the fat-pointer on the stack, which eliminates the need for shadow memory space or any table to store the pointer metadata, and so reduces the storage overhead substantially. The cookie also helps to preserve the control flow of the program by ensuring that the return address never gets modified by vulnerabilities such as buffer overflows. Shakti-MS introduces new instructions in the microprocessor hardware, along with a modified compiler that automatically inserts these new instructions to enable memory protection. This co-design approach is intended to reduce runtime and area overheads, and provides an end-to-end solution. The hardware has an area overhead of 700 LUTs on a Xilinx Virtex Ultrascale FPGA and 4100 cells on an open 55 nm technology node. The clock frequency of the processor is not affected by the security extensions, while there is a marginal increase in code size of 11% with an average runtime overhead of 13%.
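To make the design described in the abstract concrete, the following is a software model of a stack-cookie fat pointer. It is an illustration added for this page, not code from the Shakti-MS project: the frame and pointer layouts, the cookie generator, the function names and the order of the checks are all assumptions. It shows the two checks a guarded access would perform (bounds first, then a cookie match against the owning frame) and why refusing the out-of-bounds write also keeps the return-address slot above the buffer intact, with the metadata travelling in the pointer rather than in a shadow table.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified software model of a stack-cookie fat pointer (illustration only;
 * layouts, names and the cookie generator are assumptions, not Shakti-MS's). */

typedef struct {
    uint64_t cookie;    /* live while the frame is active; 0 once it has been popped */
    char     buf[16];   /* a local buffer the program hands out pointers to */
    uint64_t saved_ra;  /* stands in for the return-address slot above the buffer */
} frame_t;

typedef struct {
    char           *base;        /* start of the object */
    size_t          size;        /* bytes the pointer may legally reach */
    uint64_t        cookie;      /* frame cookie captured when the pointer was made */
    const uint64_t *cookie_slot; /* where the frame keeps its live cookie */
} fatptr_t;

typedef enum { ACCESS_OK = 0, ERR_OUT_OF_BOUNDS = 1, ERR_DANGLING = 2 } access_status_t;

/* Deterministic cookie sequence (constructed); hardware would use a random source. */
static uint64_t cookie_state = 0x9E3779B97F4A7C15ULL;
static uint64_t fresh_cookie(void) {
    cookie_state = cookie_state * 6364136223846793005ULL + 1442695040888963407ULL;
    return cookie_state | 1;   /* never 0, which marks a dead frame */
}

/* Prologue: mint a cookie for the new frame. */
static void frame_enter(frame_t *f, uint64_t ra) {
    f->cookie = fresh_cookie();
    memset(f->buf, 0, sizeof f->buf);
    f->saved_ra = ra;
}

/* Epilogue: kill the cookie, so every fat pointer into this frame goes stale. */
static void frame_leave(frame_t *f) { f->cookie = 0; }

/* Fat pointer to the frame's buffer; the metadata lives with the pointer. */
static fatptr_t make_fatptr(frame_t *f) {
    fatptr_t p = { f->buf, sizeof f->buf, f->cookie, &f->cookie };
    return p;
}

/* The check a guarded load/store performs: spatial first, then temporal. */
static access_status_t check_access(const fatptr_t *p, size_t offset, size_t len) {
    if (offset > p->size || len > p->size - offset) return ERR_OUT_OF_BOUNDS;
    if (*p->cookie_slot != p->cookie)               return ERR_DANGLING;
    return ACCESS_OK;
}

static access_status_t fat_store(fatptr_t *p, size_t offset, const char *src, size_t len) {
    access_status_t s = check_access(p, offset, len);
    if (s == ACCESS_OK) memcpy(p->base + offset, src, len);
    return s;
}

/* Scenario 1: an in-bounds write through a live pointer is allowed. */
int demo_in_bounds(void) {
    frame_t f; frame_enter(&f, 0x1000);
    fatptr_t p = make_fatptr(&f);
    access_status_t s = fat_store(&p, 0, "hello", 6);
    frame_leave(&f);
    return s;
}

/* Scenario 2: a 24-byte write into the 16-byte buffer. Unchecked it reaches
 * saved_ra; through the fat pointer it is refused and saved_ra stays intact.
 * Returns 1 if saved_ra survived, 0 if it was clobbered. */
int demo_overflow(int checked) {
    char payload[24];
    memset(payload, 'A', sizeof payload);      /* constructed oversized input */
    frame_t f; frame_enter(&f, 0x1000);
    fatptr_t p = make_fatptr(&f);
    if (checked) {
        if (fat_store(&p, 0, payload, sizeof payload) != ERR_OUT_OF_BOUNDS) return -1;
    } else {
        /* raw, unchecked copy into the same frame object */
        memcpy((char *)&f + offsetof(frame_t, buf), payload, sizeof payload);
    }
    int intact = (f.saved_ra == 0x1000);
    frame_leave(&f);
    return intact;
}

/* Scenario 3: the pointer outlives its frame and is used after the return. */
int demo_dangling(void) {
    frame_t f; frame_enter(&f, 0x1000);
    fatptr_t p = make_fatptr(&f);
    frame_leave(&f);                 /* callee returned; f still exists in this model */
    return fat_store(&p, 0, "x", 2); /* in bounds, but the cookie no longer matches */
}
```

The temporal check works because the pointer carries both the cookie value and the address of the slot that holds the live cookie; once the frame's epilogue zeroes that slot (or a later frame mints a fresh value there), every stale pointer fails the comparison without any lookup in a separate table.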


LCTES 2019: Proceedings of the 20th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems
June 2019
218 pages
ISBN:9781450367240
DOI:10.1145/3316482
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication Notes

Badge change: Article originally badged under Version 1.0 guidelines https://www.acm.org/publications/policies/artifact-review-badging

Author Tags

  1. Buffer Overflows
  2. Dangling Pointers
  3. Memory Safety
  4. Secure Microprocessor
  5. Shakti
  6. Spatial Attacks
  7. Temporal Attacks

Qualifiers

  • Research-article

Conference

LCTES '19

Acceptance Rates

Overall Acceptance Rate 116 of 438 submissions, 26%

Article Metrics

  • Downloads (Last 12 months)91
  • Downloads (Last 6 weeks)6
Reflects downloads up to 19 Nov 2024

Cited By

  • (2024) SHAKTI Dual Lockstep Microprocessor: Ensuring Functional Integrity for Robust Computing. 2024 IEEE International Conference on Contemporary Computing and Communications (InC4), 1-5. doi:10.1109/InC460750.2024.10649322. Published 15 Mar 2024.
  • (2023) MIFP: Selective Fat-Pointer Bounds Compression for Accurate Bounds Checking. Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, 609-622. doi:10.1145/3607199.3607212. Published 16 Oct 2023.
  • (2023) A Survey on Thwarting Memory Corruption in RISC-V. ACM Computing Surveys 56(2), 1-29. doi:10.1145/3604906. Published 17 Jun 2023.
  • (2023) RISC-V Extension for Optimized PWM Control. 2023 27th International Conference on System Theory, Control and Computing (ICSTCC), 404-409. doi:10.1109/ICSTCC59206.2023.10308510. Published 11 Oct 2023.
  • (2023) RISC-V Instruction Set Architecture Extensions: A Survey. IEEE Access 11, 24696-24711. doi:10.1109/ACCESS.2023.3246491. Published 2023.
  • (2022) Building the SHAKTI microprocessor. Communications of the ACM 65(11), 48-51. doi:10.1145/3556632. Published 20 Oct 2022.
  • (2022) Automated Use-After-Free Detection and Exploit Mitigation: How Far Have We Gone? IEEE Transactions on Software Engineering 48(11), 4569-4589. doi:10.1109/TSE.2021.3121994. Published 1 Nov 2022.
  • (2021) A Hardware Platform for Ensuring OS Kernel Integrity on RISC-V. Electronics 10(17), 2068. doi:10.3390/electronics10172068. Published 26 Aug 2021.
  • (2021) In-fat pointer: hardware-assisted tagged-pointer spatial memory safety defense with subobject granularity protection. Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, 224-240. doi:10.1145/3445814.3446761. Published 19 Apr 2021.
  • (2021) Security, Reliability and Test Aspects of the RISC-V Ecosystem. 2021 IEEE European Test Symposium (ETS), 1-10. doi:10.1109/ETS50041.2021.9465449. Published 24 May 2021.
