# RF-Trojan: Leaking Kernel Data Using Register File Trojan

**Authors:** Mohammad Nasim Imtiaz Khan, Asmit De, Swaroop Ghosh

arXiv: 1904.07144 · 2019-04-16

## TL;DR

This paper uncovers hardware Trojan vulnerabilities in register files that can cause data leaks and privilege escalation, demonstrating the threat through simulation and proposing countermeasures to enhance security.

## Contribution

It introduces a novel class of hardware Trojans targeting register files, models their impact via simulation, and suggests effective countermeasures for detection and prevention.

## Key findings

- Trojan can cause bitcell corruption and read errors.
- Trigger evades post-silicon testing due to high hammering requirement.
- Countermeasures like read verification and register hashing can mitigate attacks.

## Abstract

Register Files (RFs) are the most frequently accessed memories in a microprocessor for fast and efficient computation and control logic. Segment registers and control registers are especially critical for maintaining the CPU mode of execution that determinesthe access privileges. In this work, we explore the vulnerabilities in RF and propose a class of hardware Trojans which can inject faults during read or retention mode. The Trojan trigger is activated if one pre-selected address of L1 data-cache is hammered for certain number of times. The trigger evades post-silicon test since the required number of hammering to trigger is significantly high even under process and temperature variation. Once activated, the trigger can deliver payloads to cause Bitcell Corruption (BC) and inject read error by Read Port (RP) and Local Bitline (LBL). We model the Trojan in GEM5 architectural simulator performing a privilege escalation. We propose countermeasures such as read verification leveraging multiport feature, securing control and segment registers by hashing and L1 address obfuscation.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1904.07144/full.md

## Figures

37 figures with captions in the complete paper: https://tomesphere.com/paper/1904.07144/full.md

## References

11 references — full list in the complete paper: https://tomesphere.com/paper/1904.07144/full.md

---
Source: https://tomesphere.com/paper/1904.07144