RISC-V ISA Extension for Control Flow Integrity PDF
Preview RISC-V ISA Extension for Control Flow Integrity
DEPARTMENT OF INFORMATICS TECHNICAL UNIVERSITY OF MUNICH Bachelor’sThesisinInformatics RISC-V ISA Extension for Control Flow Integrity LeanderSeidlitz DEPARTMENT OF INFORMATICS TECHNICAL UNIVERSITY OF MUNICH Bachelor’sThesisinInformatics Adaption von Control Flow Integrity in der RISC-V ISA RISC-V ISA Extension for Control Flow Integrity Author: LeanderSeidlitz Supervisor: Prof.Dr.ClaudiaEckert Advisor: LukasAuer,M.Sc. SubmissionDate: 12.April2019 IconfirmthatthisBachelor’sThesisismyownworkandIhavedocumentedallsources andmaterialused. Ichversichere,dassichdieseBachelorarbeitselbsta¨ndigverfasstundnurdieangegebenen QuellenundHilfsmittelverwendethabe. Ort,Datum LeanderSeidlitz Abstract Low-levelprogramminglanguagessuchasCandC++delegatememory managementtotheprogrammer.Incorrectmemoryhandlingmaycause memoryerrors,whichpresentaprimetargetforattackers. Currentlywidedeployeddefensemechanismsprovidegoodprotection againstcertainclassesofattacks.Manymechanismsaredefeatedbypow- erfulattackerswitharbitrarymemoryaccess,astheyrelyonsecretsstored in memory. We recognize the need for defense measures that can cope withsuchattackers. WithARMv8.3-AARMhasintroducedARMPAC,hardwaresupportfor pointerauthentication.APACisaMessageAuthenticationCodebound tothepointervalue,acontext,andasecretkey.ThePACisstoredinthe unusedbitsofthepointer.Itallowsreliabletamperdetection.Itcanbe usedtoenforceControlFlowIntegrity,providingstronghardware-based protectionagainstcode-reuseattacks. InthisworkwepresentanadaptionofARMPAContheRISC-Varchi- tecture.WedevelopanextensiontotheInstructionSetArchitecturefor hardware-basedpointerauthentication.WemodifyGCCtosupportre- turn address protection using pointer authentication instructions. Our approach allows for protection against strong attackers with arbitrary memoryaccess. Contents 1 Introduction 1 1.1 Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2 Background 3 2.1 RISC-V . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.2 CodeReuseAttacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.3 ControlFlowIntegrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.4 CurrentDefenseMechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3 ARMPointerAuthentication 8 3.1 PointerAuthentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.1.1 AuthenticatingandVerifyingPointers . . . . . . . . . . . . . . . . . 9 3.1.2 KeyManagement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.1.3 QARMA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.2 Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.3 SecurityProperties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 4 Design 14 4.1 PointerAuthenticationonRISC-V . . . . . . . . . . . . . . . . . . . . . . . 14 4.1.1 AttackerModel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 4.1.2 AuthenticationandVerificationofPointers . . . . . . . . . . . . . . 15 4.1.3 KeyManagement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 4.1.4 CryptographicPrimitives . . . . . . . . . . . . . . . . . . . . . . . . 17 4.2 Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 4.3 UseCasesofPointerAuthentication . . . . . . . . . . . . . . . . . . . . . . 19 4.3.1 ReturnAddressProtection . . . . . . . . . . . . . . . . . . . . . . . 19 4.3.2 ControlFlowIntegrity . . . . . . . . . . . . . . . . . . . . . . . . . . 19 4.3.3 ProtectionofGenericDataStructures . . . . . . . . . . . . . . . . . 20 5 Implementation 21 5.1 Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 5.1.1 Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 5.1.2 ControlandStatusRegisters . . . . . . . . . . . . . . . . . . . . . . 23 5.1.3 CryptographicPrimitives . . . . . . . . . . . . . . . . . . . . . . . . 24 5.2 Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 5.2.1 GCC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 5.2.2 LinuxBinutilsandGDB . . . . . . . . . . . . . . . . . . . . . . . . . 26 6 Evaluation 28 6.1 SecurityPropertiesandAttackResistance . . . . . . . . . . . . . . . . . . . 28 6.1.1 CodeReuseAttacks . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 6.1.2 SigningKeys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 6.1.3 PACEntropy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 6.1.4 SigningGadgets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 6.1.5 LeakingKeys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 6.1.6 RIPETestsuite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 6.2 Overhead . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 6.2.1 Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 6.2.2 Returnaddresssigning . . . . . . . . . . . . . . . . . . . . . . . . . 32 6.3 Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 7 DiscussionandConclusion 34 7.1 RelatedWork . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 7.2 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 7.3 FutureWork . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 7.3.1 CombinedInstructions . . . . . . . . . . . . . . . . . . . . . . . . . . 36 7.3.2 CreatingPACsforotherPrivilegeLevels . . . . . . . . . . . . . . . 36 7.3.3 MultipleKeys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 7.3.4 ExtendingSoftwareSupport . . . . . . . . . . . . . . . . . . . . . . 37 Acronyms 40 Appendix 41 authInstructionImplementation . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 vrfyInstructionImplementation . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 authgInstructionImplementation . . . . . . . . . . . . . . . . . . . . . . . . . . 43 strpInstructionImplementation . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 1 Introduction Low-levelprogramminglanguagessuchasCandC++delegatememorymanagementto theprogrammer.Compilersforsuchlanguagesareunabletocheckforinvalidmemory accessesorundefinedbehavior.Wecalltheselanguagesmemory-unsafe.Theprogrammer isleftwithaccesstotherawmemoryandisexpectedtomanageit—andtheprogrammer ispronetohumanerror.Alotofsystemsoftwarethatrunswithhighprivilegesiswritten in such memory-unsafe languages, e.g. the Linux kernel or device drivers. This makes memoryerrorsaprimetargetforattackers,whichleveragememoryerrorstogaincontrol overasystembystrategicallycorruptingcontroldatastoredinwritablememory. The arms race between attackers and countermeasures has gone on for some time. PriortoDataExecutionPrevention(DEP)[4],attackerscouldinjectexecutablecodeinto processmemory.Theattackerwouldthentriggerexecutionofthiscode.Directexecution of injected code is prevented by the hardware-assisted DEP present in modern CPUs. Itforceswritablememorytobenon-executableandthereforepreventstheexecutionof injectedcode.AsDEPpreventstheformerexploit,attackershavemovedontoattacks basedonothervectors.CodeReuseAttacksdonotrelyonattackercraftedcodebutrather corruptcontroldataandutilizeexistingprogramcode.Theseattacksleverageexisting instructionsequencesintheexecutableinordertobypassnon-executablememory.Asthe writablememorycontainscontroldataandpointers,attackersstrategicallycorruptthese inordertohijacktheprogramcontrolflow.Chainingtogetherprogrampartsinawaynot intendedbytheprogrammerallowsforattackerdefinedbehavior. Many currently widely deployed protection mechanisms are defeated by attackers with arbitrary memory access. Therefore we need approaches for better protection. A classofsuchapproachesisbasedonControlFlowIntegrity(CFI).CFImonitorsprogram executionandisabletodetectwhenaprogramdivertsfromnormalbehavior.Attacks causeunexpectedbehavior,whichCFIdetects. CFI approaches often trade off precision for performance. Solutions offering very preciseCFIareabletoreliablydetectattacksbutcomewithalargeruntimeoverheador requiresourcecodemodification,propertiesunacceptableforprotectionmechanismsthat needtobewidelycompatible.Inthecaseoflegacysystems,sourcecodemodificationis notanoption.Attackmitigationmechanismsneedtohavealowoverheadandrequire littletonoeffortfromtheprogrammerinordertobeaccepted. Manyprotectionmechanismsareimplementedinsoftware,yettheunderlyinghard- wareposeslimits.Addingnewmechanismstothehardwareitselfallowsforapproaches 1 1 Introduction notlimitedbyexistingstructures.Furthermore,hardware-basedimplementationshave theadvantageofbeinguninfluenceablebyanattacker.Softwareisinfluenceablebyan attackerashecanaccessthememorybuttheunderlyinghardwareisoutofhisreach. With Pointer Authentication Codes (PACs) [16, 17, 5] ARM has implemented an addition to its Instruction Set Architecture (ISA) allowing for integrity protection and authenticationofpointers.Theseadditionscanalsobeusedtoenforcehardware-assisted CFI.ARMPACremainseffectiveagainststrongattackerswitharbitrarymemoryaccess. ARM’s hardware-based approach offers a lower overhead in contrast to software solutions.ProtectionschemesmakinguseofARM’sadditions,suchasPARTS[14]offer verygoodruntimeprotection.PARTSoffersprotectionofalldataandinstructionpointers ataruntimeoverheadof19.5%.Protectionofthereturnaddresscomeswithalowoverhead of0.5%.AsPARTSiscompilerbased,itdoesnotrequiresourcecodemodification. 1.1 Contributions InthispaperwepresentanapproachtopointerauthenticationfortheRISC-VISA,based on ARM’s approach to pointer authentication [16, 17, 5]. We present a design and an extension of the RISC-V ISA for pointer integrity protection and authentication. We reportthehardwaremodificationsandinstructionsadded.Ourapproachallowsreliable detectionofpointertampering.Itcanwithstandstrongattackerswitharbitrarymemory access.Wepresentause-caseofourapproach,addingcompilersupportforprotectionof thereturnaddressstoredonthestack.WeshowthatoursolutioniseffectiveagainstCode ReuseAttacks.Ourhardwareadditionsallowforstrongprotectionmechanismsutilizing theaddedinstructions. Theremainderofthisthesisisorganizedasfollows:InChapter2wegiveanoverview overtheRISC-VISA,theconceptofCFIaswellasrelevantattacksandcountermeasures. Chapter3givesanoverviewoverARMPAC,ARM’sapproachtopointerauthentication.In Chapter4wepresentourdesignforpointerauthenticationfortheRISC-VISA.Chapter5 presentstheimplementationdetailsofourdesignaswellasaproof-of-concept:protection of the return address stored on the stack. In Chapter 6 we evaluate our approach. In Chapter7wegiveanoverviewoverrelatedwork,aconclusion,andfutureextensions. 2 2 Background OurapproachtopointerauthenticationextendstheRISC-VISA.Relevantbackground is given in the following. We introduce to the RISC-V ISA, code reuse attacks, CFI and commonprotectionmechanisms. 2.1 RISC-V The RISC-V architecture [23, 22] is a free and open load/store Reduced Instruction Set Computer (RISC) ISA, providing support for 32 and 64-bit address space variants. In contrasttootherarchitectures,theRISC-VISAtakesamodularapproach.Themodular approachsplittinguptheISAallowsforcustom,non-standardextensionsthatextendthe ISAforspecialpurposes. Instruction Set Architecture. There are four base integer instruction sets: the two pri- marybaseISAsRV32IandRV64I,the128-bitvariantRV128I,andRV32E,whichistargeted at small microcontrollers. Each base ISA provides a minimal target for toolchains and computation.Inthefollowingwefocusonthe64-bitvariantRV64I.Thebaseintegerin- structionsetiscomplementedbyextensions(suchasfloatingpointoratomics)toprovide atargetforgeneral-purposesoftware. The64-bitbaseintegerinstructionsetusedinthefollowingisRV64I(RV64denoting the64-bitvariantandIdenotingtheintegerbaseinstructionset).TheRISC-VISAstring consistsofthebasearchitecture(RV64I)followedbytheextensionspresent.Thegeneral- purposeinstructionsetincludesthebaseintegerISAandextensions,beingdenotedas RV64GwhichisequaltoRV64IMAFD.Thegeneral-purposeinstructionsetincludes • theintegerbaseinstructionsetI • thestandardextensionMforIntegerMultiplicationandDivision • thestandardextensionAforAtomicInstructions • thestandardextensionFforSingle-PrecisionFloating-Point • thestandardextensionDforDouble-PrecisionFloating-Point. By splitting the ISA into a base and extensions, RISC-V avoids bloating the standard instructionset.RISC-Vaimstoonlyhavetheminimalnecessarysetofinstructionspresent. 3 2 Background 31 25 24 20 19 15 14 12 11 7 6 0 funct7 rs2 rs1 funct3 rd opcode R-type imm[11:0] rs1 funct3 rd opcode I-type imm[11:5] rs2 rs1 funct3 imm[4:0] opcode S-type imm[31:12] rd opcode U-type Table1:RISC-Vinstructionformats.imm[11:0]denotesimmediatebitpositions11to0.Takenfromthe RISC-VISAmanual[23]. Registers. TheRV64IbaseRISC-VISAspecifies31general-purposeregisters(x1-x31),a dedicatedzeroregister(x0)andaprogramcounter(pc).Theregisterwidthisdenotedby XLEN.Forthe64-bitvariantRV64XLENisequal64. Instruction Formats. Instructions of the general-purpose ISA are 32-bit wide with ex- ceptionofthecompressedinstructionsoftheCextension,whichare16-bitwide.TheC extensionofferscompressed16-bitinstructionsforcommonoperations. Instructionsmustbefour-bytealignedinmemory,exceptiftheCextensionispresent. Inthiscasealignmentmustbeonatwo-byteboundary. The base instruction set specifies four core instruction formats: R, I, S and U. The instruction formats are listed in Table 1. There are two additional immediate encoding variants(B,J)encodingbranchandjumpinstructions.Thers1andrs2fieldsencodethe sourceregisters.Theresultoftheinstructioniswrittentotheregisterrd.Immediatevalues are encoded by the imm fields and may be split into multiple fields. If present, funct7, funct3andopcodeencodetheinstruction.opcodespecifiestheinstruction’smajoropcode. Bykeepingthesourceanddestinationregisteratthesamepositiondecodingissimplified. PrivilegeLevels. TheISAspecifiesthreeprivilegelevels:Usermode(U-mode),Supervi- sormode(S-mode)andMachinemode(M-mode).ThelowestprivilegelevelisU-mode. The levels and encoding are listed in Table 2. The minimum an implementation has to supportisM-mode. InaLinuxenvironmentthebootloaderandfirmwareruninM-mode,thekernelin S-modeandusersoftwareinU-mode. ControlandStatusRegisters. ControlandStatusRegisters(CSRs)arespecialregisters that contain state information of a processor, such as timers and counters. The RISC-V ISAspecifies12-bitwideCSRaddresses.ACSR’saddressimplicitlyencodestheaccess permissions. The highest two bits (bits [11:10]) encode whether the CSR is read/write accessible(values00,01,10)orread-only(11).Thenexttwobits(bits[9:8])encodethe lowest privilege level that can access the CSR. Privilege level encodings are listed in Table2. TheCSRsareaccesseddirectlybytheCSRinstructionswhichatomicallyread-modify- writeasingleCSR.AccessingaCSRwithouthavingtheappropriateprivilegelevelraises anillegalinstructionexception. VirtualMemory. RV64IU-modeandS-modesupportamodefordirectaddressingas wellas39-bit(Sv39)and48-bit(Sv48)wideVirtualAddresses(VAs).M-modedoesnot supportaddresstranslation.TheMODEfieldinthesatp(SupervisorAddressTranslation 4
The list of books you might like
