English

Return-Oriented Programming on RISC-V

Cryptography and Security 2021-03-16 v1
Authors: Georges-Axel Jaloyan , Konstantinos Markantonakis , Raja Naeem Akram , David Robin , Keith Mayes , David Naccache
View on arXiv PDF DOI

Abstract

This paper provides the first analysis on the feasibility of Return-Oriented Programming (ROP) on RISC-V, a new instruction set architecture targeting embedded systems. We show the existence of a new class of gadgets, using several Linear Code Sequences And Jumps (LCSAJ), undetected by current Galileo-based ROP gadget searching tools. We argue that this class of gadgets is rich enough on RISC-V to mount complex ROP attacks, bypassing traditional mitigation like DEP, ASLR, stack canaries, G-Free, as well as some compiler-based backward-edge CFI, by jumping over any guard inserted by a compiler to protect indirect jump instructions. We provide examples of such gadgets, as well as a proof-of-concept ROP chain, using C code injection to leverage a privilege escalation attack on two standard Linux operating systems. Additionally, we discuss some of the required mitigations to prevent such attacks and provide a new ROP gadget finder algorithm that handles this new class of gadgets.

Keywords

side-channel attack

Cite

@article{arxiv.2103.08229,
  title  = {Return-Oriented Programming on RISC-V},
  author = {Georges-Axel Jaloyan and Konstantinos Markantonakis and Raja Naeem Akram and David Robin and Keith Mayes and David Naccache},
  journal= {arXiv preprint arXiv:2103.08229},
  year   = {2021}
}

Comments

27 pages, 8 figures, originally published at AsiaCCS 2020

Related papers

View all related →
Cryptography and Security · Computer Science
Execution at RISC: Stealth JOP Attacks on RISC-V Applications
Loïc Buckwell, Olivier Gilles, Daniel Gracia Pérez, Nikolai Kosmatov
2023-07-25
Cryptography and Security · Computer Science
Return-Oriented Programming in RISC-V
Garrett Gu, Hovav Shacham
2020-07-31
Cryptography and Security · Computer Science
Control-Flow Integrity at RISC: Attacking RISC-V by Jump-Oriented Programming
Olivier Gilles, Franck Viguier, Nikolai Kosmatov, Daniel Gracia Pérez
2022-11-30
Cryptography and Security · Computer Science
Security Mitigations for Return-Oriented Programming Attacks
Piotr Bania
2010-08-25
Cryptography and Security · Computer Science
The never ending war in the stack and the reincarnation of ROP attacks
Ammari Nader, Joan Calvet, Jose M. Fernandez
2020-05-26
Cryptography and Security · Computer Science
Challenges of Return-Oriented-Programming on the Xtensa Hardware Architecture
Kai Lehniger, Marcin J. Aftowicz, Peter Langendörfer, Zoya Dyka
2022-01-19
Cryptography and Security · Computer Science
SIGDROP: Signature-based ROP Detection using Hardware Performance Counters
Xueyang Wang, Jerry Backer
2016-09-12
Cryptography and Security · Computer Science
SafeLLVM: LLVM Without The ROP Gadgets!
Federico Cassano, Charles Bershatsky, Jacob Ginesin, Sasha Bashenko
2023-11-03
Cryptography and Security · Computer Science
A practical analysis of ROP attacks
Ayush Bansal, Debadatta Mishra
2021-11-08
Cryptography and Security · Computer Science
Zipper Stack: Shadow Stacks Without Shadow
Jinfeng Li, Liwei Chen, Qizhen Xu, Linan Tian +3
2020-07-16
Cryptography and Security · Computer Science
Methodologies for Quantifying (Re-)randomization Security and Timing under JIT-ROP
Salman Ahmed, Ya Xiao, Gang Tan, Kevin Snow +3
2020-06-16
Cryptography and Security · Computer Science
Return Oriented Programming - Exploit Implementation using functions
Sunil Kumar Sathyanarayan, Dr. Makan Pourzandi, Katayoun Aliyari
2017-06-28
Cryptography and Security · Computer Science
ROPNN: Detection of ROP Payloads Using Deep Neural Networks
Xusheng Li, Zhisheng Hu, Haizhou Wang, Yiwei Fu +3
2024-02-14
Cryptography and Security · Computer Science
ROPfuscator: Robust Obfuscation with ROP
Giulio De Pasquale, Fukutomo Nakanishi, Daniele Ferla, Lorenzo Cavallaro
2023-04-05
Cryptography and Security · Computer Science
HCIC: Hardware-assisted Control-flow Integrity Checking
Jiliang Zhang, Binhang Qi, Gang Qu
2018-09-20
Cryptography and Security · Computer Science
Survey of Methods for Automated Code-Reuse Exploit Generation
Alexey Vishnyakov, Alexey Nurmukhametov
2021-07-23
Cryptography and Security · Computer Science
Software Mitigation of RISC-V Spectre Attacks
Ruxandra Bălucea, Paul Irofti
2023-11-08
Cryptography and Security · Computer Science
Hiding in the Particles: When Return-Oriented Programming Meets Program Obfuscation
Pietro Borrello, Emilio Coppa, Daniele Cono D'Elia
2021-08-12
Cryptography and Security · Computer Science
LeapFrog: The Rowhammer Instruction Skip Attack
Andrew Adiletta, M. Caner Tol, Kemal Derya, Berk Sunar +1
2025-05-06
Cryptography and Security · Computer Science
Reasoning-Oriented Programming: Chaining Semantic Gadgets to Jailbreak Large Vision Language Models
Quanchen Zou, Moyang Chen, Zonghao Ying, Wenzhuo Xu +5
2026-03-11
Cryptography and Security · Computer Science
ROPocop - Dynamic Mitigation of Code-Reuse Attacks
Andreas Follner, Eric Bodden
2015-04-10
Operating Systems · Computer Science
Adelie: Continuous Address Space Layout Re-randomization for Linux Drivers
Ruslan Nikolaev, Hassan Nadeem, Cathlyn Stone, Binoy Ravindran
2022-01-21
Cryptography and Security · Computer Science
Comments on: RIO: Return Instruction Obfuscation for Bare-Metal IoT Devices with Binary Analysis
Kai Lehniger, Peter Langendörfer
2024-12-12
Cryptography and Security · Computer Science
RARES: Runtime Attack Resilient Embedded System Design Using Verified Proof-of-Execution
Avani Dave Nilanjan Banerjee Chintan Patel
2023-05-08
Hardware Architecture · Computer Science
A portable and Linux capable RISC-V computer system in Verilog HDL
Junya Miura, Hiromu Miyazaki, Kenji Kise
2020-03-30