English

Control-Flow Integrity at RISC: Attacking RISC-V by Jump-Oriented Programming

Cryptography and Security 2022-11-30 v1

Abstract

RISC-V is an open instruction set architecture recently developed for embedded real-time systems. To achieve a lasting security on these systems and design efficient countermeasures, a better understanding of vulnerabilities to novel and potential future attacks is mandatory. This paper demonstrates that RISC-V is sensible to Jump-Oriented Programming, a class of complex code-reuse attacks, able to bypass existing protections. We provide a first analysis of RISC-V systems' attack surface exploitable by such attacks, and show how they can be chained together in order to build a full-fledged attack. We use a conservative hypothesis on exploited registers and instruction patterns, in an approach we called reserved registers. This approach is implemented on a vulnerable RISC-V application, and successfully applied to expose an AES256 secret.

Keywords

Cite

@article{arxiv.2211.16212,
  title  = {Control-Flow Integrity at RISC: Attacking RISC-V by Jump-Oriented Programming},
  author = {Olivier Gilles and Franck Viguier and Nikolai Kosmatov and Daniel Gracia Pérez},
  journal= {arXiv preprint arXiv:2211.16212},
  year   = {2022}
}

Comments

9 pages

R2 v1 2026-06-28T07:16:43.678Z