TY - CONF
T1 - MAMBO–V: Dynamic Side-Channel Leakage Analysis on RISC–V
AU - Wichelmann, Jan
AU - Peredy, Christopher
AU - Sieck, Florian
AU - Pätschke, Anna
AU - Eisenbarth, Thomas
N1 - DBLP License: DBLP's bibliographic metadata records provided through http://dblp.org/ are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.
PY - 2023
Y1 - 2023
N2 - RISC–V is an emerging technology, with applications ranging from embedded devices to high-performance servers. Therefore, more and more security-critical workloads will be conducted with code that is compiled for RISC–V. Well-known microarchitectural side-channel attacks against established platforms like x86 apply to RISC–V CPUs as well. As RISC–V does not mandate any hardware-based side-channel countermeasures, a piece of code compiled for a generic RISC–V CPU in a cloud server cannot make safe assumptions about the microarchitecture on which it is running. Existing tools for aiding software-level precautions by checking side-channel vulnerabilities on source code or x86 binaries are not compatible with RISC–V machine code. In this work, we study the requirements and goals of architecture-specific leakage analysis for RISC–V and illustrate how to achieve these goals with the help of fast and precise dynamic binary analysis. We implement all necessary building blocks for finding side-channel leakages on RISC–V, while relying on existing mature solutions when possible. Our leakage analysis builds upon the modular side-channel analysis framework Microwalk, that examines execution traces for leakage through secret-dependent memory accesses or branches. To provide suitable traces, we port the ARM dynamic binary instrumentation tool MAMBO to RISC–V. Our port named MAMBO–V can instrument arbitrary binaries which use the 64-bit general purpose instruction set. We evaluate our toolchain on several cryptographic libraries with RISC–V support and identify multiple leakages.
AB - RISC–V is an emerging technology, with applications ranging from embedded devices to high-performance servers. Therefore, more and more security-critical workloads will be conducted with code that is compiled for RISC–V. Well-known microarchitectural side-channel attacks against established platforms like x86 apply to RISC–V CPUs as well. As RISC–V does not mandate any hardware-based side-channel countermeasures, a piece of code compiled for a generic RISC–V CPU in a cloud server cannot make safe assumptions about the microarchitecture on which it is running. Existing tools for aiding software-level precautions by checking side-channel vulnerabilities on source code or x86 binaries are not compatible with RISC–V machine code. In this work, we study the requirements and goals of architecture-specific leakage analysis for RISC–V and illustrate how to achieve these goals with the help of fast and precise dynamic binary analysis. We implement all necessary building blocks for finding side-channel leakages on RISC–V, while relying on existing mature solutions when possible. Our leakage analysis builds upon the modular side-channel analysis framework Microwalk, that examines execution traces for leakage through secret-dependent memory accesses or branches. To provide suitable traces, we port the ARM dynamic binary instrumentation tool MAMBO to RISC–V. Our port named MAMBO–V can instrument arbitrary binaries which use the 64-bit general purpose instruction set. We evaluate our toolchain on several cryptographic libraries with RISC–V support and identify multiple leakages.
UR - https://www.mendeley.com/catalogue/096a68f3-0a17-3ac5-84d1-d951500752da/
U2 - 10.1007/978-3-031-35504-2_1
DO - 10.1007/978-3-031-35504-2_1
M3 - Conference Papers
SP - 3
EP - 23
ER -