Abstract

Control-Flow Integrity (CFI) is used to check at runtime that a program’s execution path follows its corresponding Control-Flow Graph (CFG) and is not altered by software or physical attacks. Code and Control-Flow Integrity (CCFI) provides the CFI features and additionally verifies the integrity of the executed program code. This paper presents a CCFI verification system for programs executed on RISC-V cores. Our solution is built upon the RISC-V Trace Encoder (TE), which provides information about the execution path of the user’s program. An evolution of the TE specifications and additional logic have made it possible to monitor the integrity of a program’s control flow and of all the executed instructions. We implemented this approach on a RISC-V core and simulated its efficiency against Fault Injection Attacks. Its average hardware area and memory overheads are 27.9% and 6.25%, respectively. Compared to existing CCFI solutions, our methodology does not modify the user code, the RISC-V compiler or the core’s pipeline.
