CIFER: Code Integrity and control Flow verification for programs Executed on a RISC-V core

Anthony Zgheib, O. Potin, J. Rigaud, J. Dutertre
2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), published 2023-05-01
DOI: 10.1109/HOST55118.2023.10133542 (https://doi.org/10.1109/HOST55118.2023.10133542)
Citation count: 0

Abstract

Fault Injection Attacks (FIA) are powerful threats that can modify the intended behavior of a program running on a processor. Control Flow Integrity (CFI) is used to check at runtime that a program’s execution path follows its corresponding Control Flow Graph (CFG) and is not altered by these attacks. Recent works have stated that developers do not sufficiently consider hardware specifications while designing software countermeasures. Moreover, most hardware and codesign CFI solutions do not cover the integrity of the processor microarchitecture. This paper presents CIFER, a Code Integrity and control Flow verification system for programs Executed on a RISC-V core. It ensures instruction execution in the core while checking the microarchitectural control signals. This is known as a Control Flow and Execution Integrity (CFEI) approach. Our solution is built upon the RISC-V Trace Encoder (TE), which provides information about the execution path of the user’s program. CIFER proposes an evolution of the TE standard and an analysis of the targeted core’s architecture to monitor the pipeline control signals. The average hardware area overheads of our solution range from 35.2% to 55%. Compared to existing CFI and CFEI countermeasures, CIFER presents no performance costs. It does not modify the RISC-V Instruction Set Architecture (ISA), the compilation process, or the user code.