2 research outputs found
Securing Conditional Branches in the Presence of Fault Attacks
In typical software, many comparisons and subsequent branch operations are
highly critical in terms of security. Examples include password checks,
signature checks, secure boot, and user privilege checks. For embedded devices,
these security-critical branches are a preferred target of fault attacks as a
single bit flip or skipping a single instruction can lead to complete access to
a system. In the past, numerous redundancy schemes have been proposed in order
to provide control-flow-integrity (CFI) and to enable error detection on
processed data. However, current countermeasures for general purpose software
do not provide protection mechanisms for conditional branches. Hence, critical
branches are in practice often simply duplicated.
We present a generic approach to protect conditional branches, which links an
encoding-based comparison result with the redundancy of CFI protection
mechanisms. The presented approach can be used for all types of data encodings
and CFI mechanisms and maintains their error-detection capabilities throughout
all steps of a conditional branch. We demonstrate our approach by realizing an
encoded comparison based on AN-codes, which is a frequently used encoding
scheme to detect errors on data during arithmetic operations. We extended the
LLVM compiler so that standard code and conditional branches can be protected
automatically and analyze its security. Our design shows that the overhead in
terms of size and runtime is lower than state-of-the-art duplication schemes.Comment: Accepted at DATE 201
Pointing in the Right Direction - Securing Memory Accesses in a Faulty World
Reading and writing memory are, besides computation, the most common
operations a processor performs. The correctness of these operations is
therefore essential for the proper execution of any program. However, as soon
as fault attacks are considered, assuming that the hardware performs its memory
operations as instructed is not valid anymore. In particular, attackers may
induce faults with the goal of reading or writing incorrectly addressed memory,
which can have various critical safety and security implications.
In this work, we present a solution to this problem and propose a new method
for protecting every memory access inside a program against address tampering.
The countermeasure comprises two building blocks. First, every pointer inside
the program is redundantly encoded using a multi-residue error detection code.
The redundancy information is stored in the unused upper bits of the pointer
with zero overhead in terms of storage. Second, load and store instructions are
extended to link data with the corresponding encoded address from the pointer.
Wrong memory accesses subsequently infect the data value allowing the software
to detect the error.
For evaluation purposes, we implemented our countermeasure into a RISC-V
processor, tested it on a FPGA development board, and evaluated the induced
overhead. Furthermore, a LLVM-based C compiler has been modified to
automatically encode all data pointers, to perform encoded pointer arithmetic,
and to emit the extended load/store instructions with linking support. Our
evaluations show that the countermeasure induces an average overhead of 10% in
terms of code size and 7% regarding runtime, which makes it suitable for
practical adoption.Comment: Accepted at ACSAC 201