CVA6-CFI: A First Glance at RISC-V Control-Flow Integrity Extensions
Simone Manoni, Emanuele Parisi, Riccardo Tedeschi, Davide Rossi, Andrea Acquaviva, Andrea Bartolini

TL;DR
This paper implements the standard RISC-V extensions for Control-Flow Integrity (Zicfiss and Zicfilp) as hardware-based security mechanisms that prevent control-flow hijacking with minimal performance and area overhead, and provides an open-source implementation.
Contribution
It presents the first design and evaluation of RISC-V CFI extensions, including hardware units for forward and backward control-flow protection, integrated into the CVA6 core.
Findings
1. 1.0% area overhead in 22 nm technology.
2. Up to 15.6% performance overhead on MiBench.
3. Open-source implementation available.
Abstract
This work presents the first design, integration, and evaluation of the standard RISC-V extensions for Control-Flow Integrity (CFI). The Zicfiss and Zicfilp extensions aim at protecting the execution of a vulnerable program from control-flow hijacking attacks through the implementation of security mechanisms based on shadow stack and landing pad primitives. We introduce two independent and configurable hardware units implementing forward-edge and backward-edge control-flow protection, fully integrated into the open-source CVA6 core. Our design incurs only 1.0% area overhead when synthesized in 22 nm FDX technology, and up to 15.6% performance overhead based on evaluation with the MiBench automotive benchmark subset. We release the complete implementation as open source.
Taxonomy
Topics: Security and Verification in Computing · Cryptographic Implementations and Security · Real-Time Systems Scheduling
