CompaSeC A Compiler-Assisted Security Countermeasure to Address Instruction Skip Fault Attacks on RISC-V
Fault-injection attacks are a risk for any computing system executing security-relevant tasks, such as a secure boot process. While hardware-based countermeasures to these invasive attacks have been found to be a suitable option, they have to be implemented via hardware extensions and are thus not a...
Saved in:
Published in | Proceedings of the 28th Asia and South Pacific Design Automation Conference pp. 676 - 682 |
---|---|
Main Authors | , , , , |
Format | Conference Proceeding |
Language | English |
Published |
New York, NY, USA
ACM
16.01.2023
|
Series | ACM Conferences |
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | Fault-injection attacks are a risk for any computing system executing security-relevant tasks, such as a secure boot process. While hardware-based countermeasures to these invasive attacks have been found to be a suitable option, they have to be implemented via hardware extensions and are thus not available in most Commonly used Off-The-Shelf (COTS) components. Software Implemented Hardware Fault Tolerance (SIHFT) is therefore the only valid option to enhance a COTS system's resilience against fault attacks. Established SIHFT techniques usually target the detection of random hardware errors for functional safety and not targeted attacks. Using the example of a secure boot system running on a RISC-V processor, in this work we first show that when the software is hardened by these existing techniques from the safety domain, the number of vulnerabilities in the boot process to single, double, triple, and quadruple instruction skips cannot be fully closed. We extend these techniques to the security domain and propose Compiler-assisted Security Countermeasure (CompaSeC). We demonstrate that CompaSeC can close all vulnerabilities for the studied secure boot system. To further reduce performance and memory overheads we additionally propose a method for CompaSeC to selectively harden individual vulnerable functions without compromising the security against the considered instruction skip faults. |
---|---|
ISBN: | 9781450397834 1450397832 |
DOI: | 10.1145/3566097.3567925 |