ORCID
https://orcid.org/0009-0001-6897-4819
Access Type
Open Access Thesis
Document Type
thesis
Degree Program
Electrical & Computer Engineering
Degree Type
Master of Science in Electrical and Computer Engineering (M.S.E.C.E.)
Year Degree Awarded
2024
Month Degree Awarded
February
Abstract
Embedded systems based on lightweight microprocessors are becoming more prevalent in various applications. However, their security remains a significant challenge due to limited resources and exposure to external threats. In particular, some of these devices store sensitive data and control critical devices, making them high-value targets for attackers. Software security is particularly important because attackers can easily access these devices on the internet and obtain control of them by injecting malware.
Return address (RA) hijacking is a common software attack technique that compromises control flow integrity (CFI) by manipulating memory, as in return-to-libc attacks. Several methods have been proposed to protect CFI, including RA authentication, stack canaries, and shadow stacks. However, these hardware and software defense mechanisms introduce significant memory overhead and resource consumption, making them unsuitable for IoT devices with limited memory.
This thesis investigates the security of embedded systems by focusing on the control flow integrity of the return address for RISC-V. This project uses custom instructions to assert a Pointer Authentication Code (PAC) in the return address, protecting CFI. Compared to previous work, this project introduces a faster cipher to improve the performance of the system. A prediction mechanism is also embedded into the system to reduce the latency of authentication. In addition, the PAC generator is integrated into the GCC compiler to support automatic PAC generation. The overhead of this project is 4.19% on TACLeBench and 3.25% on CoreMark with the Rocket chip on the Nexys A7 board.
First Advisor
Wayne Burleson
Second Advisor
Tilman Wolf
Third Advisor
Yadi Eslami
Recommended Citation
Zhao, Yuhe, "Protecting Return Address Integrity for RISC-V via Pointer Authentication" (2024). Masters Theses. 1424.
https://scholarworks.umass.edu/masters_theses_2/1424
Included in
Computer and Systems Architecture Commons, Hardware Systems Commons, VLSI and Circuits, Embedded and Hardware Systems Commons