BRISC-V emulator: a standalone, installation-free, browser-based teaching tool

Many computer organization and computer architecture classes have recently started adopting the RISC-V architecture as an alternative to proprietary RISC ISAs and architectures. Emulators are a common teaching tool used to introduce students to writing assembly. We present the BRISC-V (Boston University RISC-V) Emulator and teaching tool, a RISC-V emulator inspired by existing RISC and CISC emulators. The emulator is a web-based, pure javascript implementation meant to simplify deployment, as it does not require maintaining support for different operating systems or any installation. Here we present the workings, usage, and extensibility of the BRISC-V emulator.Published versio

Code trolley: hardware-assisted control flow obfuscation

Many cybersecurity attacks rely on analyzing a binary executable to find exploitable sections of code. Code obfuscation is used to prevent attackers from reverse engineering these executables. In this work, we focus on control flow obfuscation - a technique that prevents attackers from statically determining which code segments are original, and which segments are added in to confuse attackers. We propose a RISC-V-based hardware-assisted deobfuscation technique that deobfuscates code at runtime based on a secret safely stored in hardware, along with an LLVM compiler extension for obfuscating binaries. Unlike conventional tools, our work does not rely on compiling hard-to-reverse-engineer code, but on securing a secret key. As such, it can be seen as a lightweight alternative to on-the-fly binary decryption.Published versio

CodeTrolley: Hardware-Assisted Control Flow Obfuscation

Many cybersecurity attacks rely on analyzing a binary executable to find exploitable sections of code. Code obfuscation is used to prevent attackers from reverse engineering these executables. In this work, we focus on control flow obfuscation - a technique that prevents attackers from statically determining which code segments are original, and which segments are added in to confuse attackers. We propose a RISC-V-based hardware-assisted deobfuscation technique that deobfuscates code at runtime based on a secret safely stored in hardware, along with an LLVM compiler extension for obfuscating binaries. Unlike conventional tools, our work does not rely on compiling hard-to-reverse-engineer code, but on securing a secret key. As such, it can be seen as a lightweight alternative to on-the-fly binary decryption.Comment: 2019 Boston Area Architecture Workshop (BARC'19

Heracles: Fully Synthesizable Parameterized MIPS-Based Multicore System

Heracles is an open-source complete multicore system written in Verilog. It is fully parameterized and can be reconfigured and synthesized into different topologies and sizes. Each processing node has a 7-stage pipeline, fully bypassed, microprocessor running the MIPS-III ISA, a 4-stage input-buffer, virtual-channel router, and a local variable-size shared memory. Our design is highly modular with clear interfaces between the core, the memory hierarchy, and the on-chip network. In the baseline design, the microprocessor is attached to two caches, one instruction cache and one data cache, which are oblivious to the global memory organization. The memory system in Heracles can be configured as one single global shared memory (SM), or distributed shared memory (DSM), or any combination thereof. Each core is connected to the rest of the network of processors by a parameterized, realistic, wormhole router. We show different topology configurations of the system, and their synthesis results on the Xilinx Virtex-5 LX330T FPGA board. We also provide a small MIPS cross-compiler toolchain to assist in developing software for Heracles

Sphinx: a secure architecture based on binary code diversification and execution obfuscation

Sphinx, a hardware-software co-design architecture for binary code and runtime obfuscation. The Sphinx architecture uses binary code diversification and self-reconfigurable processing elements to maintain application functionality while obfuscating the binary code and architecture states to attackers. This approach dramatically reduces an attacker’s ability to exploit information gained from one deployment to attack another deployment. Our results show that the Sphinx is able to decouple the program’s execution time, power and memory and I/O activities from its functionality. It is also practical in the sense that the system (both software and hardware) overheads are minimal.Published versio

Sphinx: A Secure Architecture Based on Binary Code Diversification and Execution Obfuscation

Sphinx, a hardware-software co-design architecture for binary code and runtime obfuscation. The Sphinx architecture uses binary code diversification and self-reconfigurable processing elements to maintain application functionality while obfuscating the binary code and architecture states to attackers. This approach dramatically reduces an attacker's ability to exploit information gained from one deployment to attack another deployment. Our results show that the Sphinx is able to decouple the program's execution time, power and memory and I/O activities from its functionality. It is also practical in the sense that the system (both software and hardware) overheads are minimal.Comment: Boston Area Architecture 2018 Workshop (BARC18

Post-quantum cryptographic hardware primitives

The development and implementation of post-quantum cryptosystems have become a pressing issue in the design of secure computing systems, as general quantum computers have become more feasible in the last two years. In this work, we introduce a set of hardware post-quantum cryptographic primitives (PCPs) consisting of four frequently used security components, i.e., public-key cryptosystem (PKC), key exchange (KEX), oblivious transfer (OT), and zero-knowledge proof (ZKP). In addition, we design a high speed polynomial multiplier to accelerate these primitives. These primitives will aid researchers and designers in constructing quantum-proof secure computing systems in the post-quantum era.Published versio

Low-overhead hard real-time aware interconnect network router

The increasing complexity of embedded systems is accelerating the use of multicore processors in these systems. This trend gives rise to new problems such as the sharing of on-chip network resources among hard real-time and normal best effort data traffic. We propose a network-on-chip router that provides predictable and deterministic communication latency for hard real-time data traffic while maintaining high concurrency and throughput for best-effort/general-purpose traffic with minimal hardware overhead. The proposed router requires less area than non-interfering networks, and provides better Quality of Service (QoS) in terms of predictability and determinism to hard real-time traffic than priority-based routers. We present a deadlock-free algorithm for decoupled routing of the two types of traffic. We compare the area and power estimates of three different router architectures with various QoS schemes using the IBM 45-nm SOI CMOS technology cell library. Performance evaluations are done using three realistic benchmark applications: a hybrid electric vehicle application, a utility grid connected photovoltaic converter system, and a variable speed induction motor drive application