
Memory Corruption Exploits on RISC-V

Supervisor(s): Julian Horsch, Philipp Zieris
Status: finished
Topic: Others
Author: Maximilian Rickheit
Submission: 2019-03-15
Type of Thesis: Bachelor thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

Memory errors, such as buffer overflows or use-after-free errors, are
vulnerabilities in programs written in memory-unsafe languages (e.g. C or C++) and are commonly
used as the starting point for various kinds of low-level exploits. Simple
code injection on the stack, Return-oriented Programming (ROP) and
information leaks are examples of exploits enabled by memory errors.
While most basic memory corruption techniques are conceptually
hardware-independent, an actual attack implementation is usually hardware-specific. For
example, a ROP attack requires profound knowledge of the target's calling
convention, stack layout and instruction encoding: on RISC-V the return address is
held in the ra register and is only spilled to the stack by non-leaf functions, and every
gadget has to end in an indirect jump (jalr; ret is a pseudo-instruction for jalr x0, 0(ra))
whose target register the attacker controls.
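
As an added illustration (not code from the thesis or its author): the vulnerability class the thesis starts from, a stack-based buffer overflow in a hypothetical length-prefixed name parser, next to a bounds-checked version. The message format, the function names and the sample inputs are assumptions made for this example; the unsafe variant is only ever called with well-formed input. The comments mark the part of the bug that is architecture- and compiler-specific and therefore the subject of the thesis.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the thesis. Hypothetical message format:
 * one length byte followed by that many bytes of a user name. */
#define NAME_MAX 32

/* VULNERABLE: the copy length comes from the attacker-controlled length
 * byte and is never checked against NAME_MAX. Any length above NAME_MAX
 * overwrites whatever the compiler placed above `name` in this frame:
 * other locals, saved callee registers and, if this function is not a
 * leaf, the saved return address. Which of these sits at which offset is
 * the hardware- and compiler-specific part: on x86 the return address is
 * pushed by the caller's call instruction, on RISC-V it is held in ra and
 * only stored to the stack by non-leaf functions. Only called with
 * well-formed input here. */
int greet_unsafe(const uint8_t *msg)
{
    char name[NAME_MAX];
    size_t len = msg[0];          /* trusted, but attacker-controlled */
    memcpy(name, msg + 1, len);   /* overflows for len >= NAME_MAX */
    name[len] = '\0';
    return (int)strlen(name);
}

/* HARDENED: the length is validated against both the message that was
 * actually received and the destination buffer before anything is copied.
 * Returns the name length, or -1 if the message is rejected. */
int greet_safe(const uint8_t *msg, size_t msglen, char *out, size_t outlen)
{
    if (msg == NULL || out == NULL || msglen < 1 || outlen < 1)
        return -1;
    size_t len = msg[0];
    if (len > msglen - 1)          /* length byte claims more than was sent */
        return -1;
    if (len >= outlen)             /* no room for the terminating NUL */
        return -1;
    memcpy(out, msg + 1, len);
    out[len] = '\0';
    return (int)len;
}

/* Constructed sample input (not captured traffic). */
static const uint8_t GOOD_MSG[] = { 5, 'a', 'l', 'i', 'c', 'e' };

/* Well-formed message: both variants agree. Returns 1 on success. */
int check_good_accepted(void)
{
    char out[NAME_MAX];
    int n = greet_safe(GOOD_MSG, sizeof GOOD_MSG, out, sizeof out);
    return n == 5 && strcmp(out, "alice") == 0 && greet_unsafe(GOOD_MSG) == 5;
}

/* Overlong message: length byte 200 followed by 200 filler bytes, the
 * shape an overflow payload has before the filler is replaced by
 * addresses. greet_unsafe would smash its frame; greet_safe rejects it. */
int check_oversized_rejected(void)
{
    uint8_t bad[1 + 200];
    char out[NAME_MAX];
    bad[0] = 200;
    memset(bad + 1, 'A', 200);
    return greet_safe(bad, sizeof bad, out, sizeof out) == -1;
}

/* Message whose length byte exceeds the bytes actually received, which
 * would make greet_unsafe read past the message (an information leak). */
int check_truncated_rejected(void)
{
    const uint8_t lie[] = { 10, 'x' };
    char out[NAME_MAX];
    return greet_safe(lie, sizeof lie, out, sizeof out) == -1;
}

int main(void)
{
    printf("well-formed accepted: %d\n", check_good_accepted());
    printf("oversized rejected:   %d\n", check_oversized_rejected());
    printf("truncated rejected:   %d\n", check_truncated_rejected());
    return 0;
}
```

The hardened variant bounds the copy by the destination and by the bytes actually received, so neither the overlong nor the lying message reaches memcpy; the unsafe variant shows the exact point at which, on any architecture, control over a length field turns into control over the frame.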
While memory corruption attacks are already thoroughly researched on common
processor architectures, first and foremost on x86 and ARM, their realization
on the relatively new RISC-V processor architecture is still an open topic.
The goal of this thesis is to evaluate how typical memory corruption attacks
known on other architectures transfer to RISC-V. To this end, relevant attack
techniques have to be identified, categorized and analyzed for
hardware-specific components. Then, the relevant parts of the RISC-V
architecture have to be analyzed in order to determine the theoretical
portability of the attacks. Finally, selected attacks should be realized on
actual target hardware as a Proof-of-Concept (PoC).