RISC-V is a recently developed open instruction set architecture that is gaining considerable attention. To improve the security of these systems and to design efficient countermeasures, a better understanding of their exposure to novel and future attacks is essential. This paper demonstrates that RISC-V is susceptible to Jump-Oriented Programming (JOP), a class of complex code-reuse attacks. We provide an analysis of new dispatcher gadgets we discovered and show how they can be combined to build a stealthy attack that bypasses existing protections. We implemented a proof-of-concept attack on an embedded web server compiled for RISC-V, into which we introduced a vulnerability that allows an attacker to read an arbitrary file from the remote host machine.
Buckwell, L., Gilles, O., Pérez, D. G., & Kosmatov, N. (2024). Execution at RISC: Stealth JOP Attacks on RISC-V Applications. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 14399 LNCS, pp. 377–391). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-54129-2_22