



Une école de l'IMT



**IN VIA**

# PROJET COFFI ANR-18-CES39-003

**VERIFICATION OF THE PROGRAM'S CFI BASED  
ON A TRACE ENCODER**

**Anthony ZGHEIB**  
**Journée thématique sur les attaques par  
injection de fautes**  
**23 Septembre 2021**



# Table of Contents

- 1 Introduction
- 2 Methodology to verify the program's CFI
- 3 Exploited approaches
- 4 Results
- 5 Perspectives

# Table of Contents

1 Introduction

2 Methodology to verify the program's CFI

3 Exploited approaches

4 Results

5 Perspectives

## Why is it necessary to guarantee the program's CFI?

- Software attacks : Buffer Overflow, ROP, Code Reutilization Attacks...
- Hardware attacks : Fault Injection...
- Example - Code pin verification :

```
int counter = 3;
void VerifyPin() {
1 →    if (counter > 0)
2 →        if (Cmp(userPIN, devicePIN) )
            Accept();
        else
3 →            counter--;
}
```

- CFI Verification = Correct Program Execution.

# Table of Contents

1 Introduction

2 Methodology to verify the program's CFI

3 Exploited approaches

4 Results

5 Perspectives

# How could we verify the program's CFI?

## Methodology

- Get information about what is executed at the RISC-V core level => **Trace Encoder (TE)**
- Compare these data to static data obtained from a static analysis of the binary program => **Trace Verifier (TV)**
- Detect if a fault injection attack is made => TV's output



## Definition

- Module designed by the RISC-V community.
- Overall objective: Compression of the program's execution path.
- Interpret the executed instructions from the RISC-V core.
- Report the discontinuities present in a program in the form of packets.
  - Instructions presenting an uninferable PC discontinuity.
  - Interruptions and exceptions...

# Packet generation example



## Example of a packet - Use Case

- Having a function call where the program encounter n branches.
- A packet will be sent containing : the number of branches (n), the branch map (branch taken or not) and the return address ...

# Packet generation example

```
int fnct1(int a, int b, int c) {  
    if (a==1) {  
        if(b==2) {  
            ...  
        } else {  
            ...  
        }  
        end if;  
    } else {  
        ...  
    }  
    if(c==a+b) {  
        ...  
    } else {  
        ...  
    }  
    return a+b+c;  
}  
  
int main() {  
  
    int a = 1;  
    int b = 3;  
    int c = 4;  
  
    c=fnct1(a,b,c);  
  
    return 0;  
}
```

Fnct1 call →

|  |  |  |  |
|--|--|--|--|
|  |  |  |  |
|  |  |  |  |
|  |  |  |  |
|  |  |  |  |
|  |  |  |  |

# Packet generation example

```
1 → int fnct1(int a, int b, int c) {  
    if (a==1) {  
        if(b==2) {  
            ...  
        } else {  
            ...  
        }  
        end if;  
    } else {  
        ...  
    }  
    if(c==a+b) {  
        ...  
    } else {  
        ...  
    }  
    return a+b+c;  
}  
  
int main() {  
  
    int a = 1;  
    int b = 3;  
    int c = 4;  
  
    c=fnct1(a,b,c);  
  
    return 0;  
}
```



# Packet generation example

```
1 →     int fnct1(int a, int b, int c) {
2 →         if (a==1) {
3 →             if(b==2) {
4 →                 ...
5 →             } else {
6 →                 ...
7 →             }
8 →         } else {
9 →             ...
10 →         }
11 →         if(c==a+b) {
12 →             ...
13 →         } else {
14 →             ...
15 →         }
16 →     return a+b+c;
17 → }

18 → int main() {
19 →
20 →     int a = 1;
21 →     int b = 3;
22 →     int c = 4;
23 →
24 →     c=fnct1(a,b,c);
25 →
26 →     return 0;
27 → }
```



# Packet generation example

```
1 →     int fnct1(int a, int b, int c) {  
2 →         if (a==1) {  
3 →             if(b==2) {  
4 →                 ...  
5 →             } else {  
6 →                 ...  
7 →             }  
8 →             end if;  
9 →         } else {  
10 →             ...  
11 →         }  
12 →         if(c==a+b) {  
13 →             ...  
14 →         } else {  
15 →             ...  
16 →         }  
17 →     return a+b+c;  
18 → }  
  
int main() {  
    int a = 1;  
    int b = 3;  
    int c = 4;  
  
    c=fnct1(a,b,c);  
  
    return 0;  
}
```



# Packet generation example

```
1 →     int fnctl(int a, int b, int c) {  
2 →         if (a==1) {  
3 →             if(b==2) {  
4 →                 ...  
5 →             } else {  
6 →                 ...  
7 →             }  
8 →             end if;  
9 →         } else {  
10 →             ...  
11 →         }  
12 →         if(c==a+b) {  
13 →             ...  
14 →         } else {  
15 →             ...  
16 →         }  
17 →     return a+b+c;  
18 → }  
  
int main() {  
    int a = 1;  
    int b = 3;  
    int c = 4;  
  
    c=fnctl(a,b,c);  
  
    return 0;  
}
```



# Packet generation example

```
1 →     int fnct1(int a, int b, int c) {  
2 →         if (a==1) {  
3 →             if(b==2) {  
4 →                 ...  
5 →             } else {  
6 →                 ...  
7 →             }  
8 →             end if;  
9 →         } else {  
10 →             ...  
11 →         }  
12 →         if(c==a+b) {  
13 →             ...  
14 →         } else {  
15 →             ...  
16 →         }  
17 →         return a+b+c;  
18 →     }  
19 →  
20 →     int main() {  
21 →         int a = 1;  
22 →         int b = 3;  
23 →         int c = 4;  
24 →  
25 →         c=fnct1(a,b,c);  
26 →  
27 →         return 0;  
28 →     }
```



## Example (Generated packet)

- Number of branches : 3
- Branch Map : 010
- Return address

- It's verification system based on the TE sent packets.
- Compare the TE packets to static data issued from a static analysis of the binary program.
  - A static analysis is made after the compilation process.
  - Branch, jump, call and return instructions with their addresses are stored in a memory.
- A flag is raised when a fault is detected.

# Table of Contents

1 Introduction

2 Methodology to verify the program's CFI

3 Exploited approaches

4 Results

5 Perspectives

# Exploited solution - Architecture



# First approach - ASIC RISC-V Model



- Verification process starts when a packet is sent.
- Navigation through the static data and constitution of the path followed by the program.
- Comparison process.

# First approach - ASIC RISC-V Model



- Verification process starts when a packet is sent.
- Navigation through the static data and constitution of the path followed by the program.
- Comparison process.

# First approach - ASIC RISC-V Model



- Verification process starts when a packet is sent.
- Navigation through the static data and constitution of the path followed by the program.
- Comparison process.

# First approach - FI detection

## Fault coverage

- Changing the return address of a function.
- Instruction skip on a function call.

## Particular cases

- Instruction skip on branch instructions.
- It depends on the branch number and return address.



## Limitations

- Corruption of a branch instruction (funct3, branch address ...).

# First approach - FI detection

## Fault coverage

- Changing the return address of a function.
- Instruction skip on a function call.

## Particular cases

- Instruction skip on branch instructions.
- It depends on the branch number and return address.



## Limitations

- Corruption of a branch instruction (funct3, branch address ...).

# First approach - FI detection

## Fault coverage

- Changing the return address of a function.
- Instruction skip on a function call.

## Particular cases

- Instruction skip on branch instructions.
- It depends on the branch number and return address.



## Limitations

- Corruption of a branch instruction (funct3, branch address ...).

# Second approach - Adding the PC - RISC-V FPGA Model



## Features

- We pull the PC and connect it to the TV.
- Calculation is made before receiving the packet.
- Verification process is faster compared to the first approach.

# Second approach - FI detection

## Fault coverage

- Changing the return address of a function.
- Instruction skip on a function call and **branch instruction**.
  - Total number of branches=4.



## Particular cases

- Changing the branch address in case it was taken : `beq a4,a5,180.`

## Limitations

- Corruption of a branch instruction (`funct3, branch address ...`).

# Third approach - Redefining the TE RISC-V standard



## Features

- PC and executed instructions are pulled and connected to the TV.
- Adjustment to the TE RISC-V standard by defining the qualified instructions (jump, branch, return...).
- Packet is sent after each qualified instruction.

## Fault coverage

- Changing the return address of a call function.
- Instruction skip on a function call and branch instruction.
- Their corruption / substitution with other instructions.

# Table of Contents

1 Introduction

2 Methodology to verify the program's CFI

3 Exploited approaches

4 Results

5 Perspectives

# Results - Comparison between the 3 approaches

- Each approach covers a specific number of threats :

| Approach   | SFC | RAC | SBI | CDI | L  |
|------------|-----|-----|-----|-----|----|
| TV-ASIC    | ✓   | ✓   | (X) | X   | -- |
| TV-FPGA-PC | ✓   | ✓   | ✓   | X   | -  |
| TE-TV-CFI  | ✓   | ✓   | ✓   | ✓   | +  |

- SFC : Skip on function calls.
- RAC : Return address change.
- SBI : Skip on branch instructions.
- CDI : Corruption of a discontinuity instruction.
- L : Latency.

# Conclusion - Comparison between the 3 approaches

- Hardware Area Overhead (in terms of slices) :

| Approach   | TE  | TV  | Total |
|------------|-----|-----|-------|
| TV-ASIC    | 241 | 360 | 601   |
| TV-FPGA-PC | 241 | 641 | 882   |
| TE-TV-CFI  | 95  | 575 | 670   |

- RISC-V IBEX : 635 slices.

# Table of Contents

1 Introduction

2 Methodology to verify the program's CFI

3 Exploited approaches

4 Results

5 Perspectives

- Definition of a new packet for the basic blocks' verification, by adjusting the TE's standard.
- Verification of the correct instructions execution in the processor pipeline (cf. COFFI Project).



MINES  
Saint-Étienne

Une école de l'IMT



**Thank you for  
your attention**



MINISTÈRE DE L'ÉCONOMIE  
ET DES FINANCES

INSPIRING  
INNOVATION  
SINCE 1816