Abstract
This paper provides the first analysis on the feasibility of Return-Oriented programming (ROP) on RISC-V, a new instruction set architecture targeting embedded systems. We show the existence of a new class of gadgets, using several Linear Code Sequences And Jumps (LCSAJ), undetected by current Galileo-based ROP gadget searching tools. We argue that this class of gadgets is rich enough on RISC-V to mount complex ROP attacks, bypassing traditional mitigation like DEP, ASLR, stack canaries, G-Free and some compiler-based backward-edge CFI, by jumping over any guard inserted by a compiler to protect indirect jump instructions. We provide examples of such gadgets, as well as a proof-of-concept ROP chain, using C code injection to leverage a privilege escalation attack on two standard Linux operating systems. Additionally, we discuss some of the required mitigations to prevent such attacks and provide a new ROP gadget finder algorithm that handles this new class of gadgets.
Original language | English |
---|---|
Title of host publication | Proceedings of the 15th ACM Asia Conference on Computer and Communications Security |
Subtitle of host publication | ASIA CCS 2020 |
Pages | 471-480 |
Number of pages | 10 |
ISBN (Electronic) | 9781450367509 |
Publication status | Published - 1 Oct 2020 |
Event | The 15th ACM Asia Conference on Computer and Communications security - Taipei, TAIWAN Duration: 5 Oct 2020 → 9 Oct 2020 https://asiaccs2020.cs.nthu.edu.tw |
Publication series
Name | Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020 |
---|
Conference
Conference | The 15th ACM Asia Conference on Computer and Communications security |
---|---|
Abbreviated title | Asia CCS2020 |
Country/Territory | TAIWAN |
City | Taipei |
Period | 5/10/20 → 9/10/20 |
Keywords
- Galileo algorithm
- RISC-V
- code overlap
- return-oriented programming
Profiles
- Raja Akram
- School of Natural & Computing Sciences, Computing Science - Senior Lecturer
- Cybersecurity and Privacy
Person: Academic