Themenkomplex 1: RISC-V core

VexRiscv is an open source implementation of a 32-bit RISC-V core written in SpinalHDL, a Scala library that allows abstract RTL descriptions of hardware components. The high abstraction level and modularity allows an easy extension of the core. Possible master thesis topics are the extension of the core with certain security features. Example topics are listed below:

1a) Return-address authentication on a 32-bit RISC-V core

(Master – immediately – 6 months)

Motivation:

This new method uses secure hashes to chain return addresses together, making it impossible for an attacker to modify them without being detected. For a 64-bit system this hash is saved in the unused bits of the return pointer itself. On a 32-bit system this is not possible.

Research Question:

Based on the given concept of the 64-bit implementation, the student should find a suitable solution for the 32-bit core. The solution should be implemented using SpinalHDL and evaluated on a FPGA.

Requirements:

Interested students should have

  • Understood the concept of code-reuse attacks,
  • A general understanding of processor architectures, and
  • Experience with HDLs is recommended.

Recommended modules:

  • 11897 | Security of Resource-constraint Systems

Supervisor:

  • Kai Lehniger M.Sc. (lehniger@ihp-microelectronics.com)

Contact:

  • Elisabeth Vogel M.Sc. (vogel@ihp-microelectronics.com)
1b) A shadow stack implementation for a 32-bit RISC-V core

(Master – immediately – 6 months)

Motivation:

Shadow stacks are used to detect malicious changes of return addresses on the stack by implementing a second hidden stack where a copy of all return addresses is stored. In the literature different implementations for shadow stacks are discussed.

Research Question:

The student should evaluate different approaches and choose one possibility. The chosen variant should be implemented as an extension for a 32-bit RISC-V core and evaluated on a FPGA.

Requirements:

Interested students should have

  • Understood the concept of code-reuse attacks,
  • Basic memory management,
  • A general understanding of processor architectures, and
  • Experience with HDLs is recommended.

Recommended modules:

  • 11897 | Security of Resource-constraint Systems

Supervisor:

  • Kai Lehniger M.Sc. (lehniger@ihp-microelectronics.com)

Contact:

  • Elisabeth Vogel M.Sc. (vogel@ihp-microelectronics.com)
1c) A label-based forward-edge control-flow integrity extension for a 32-bit RISC-V core

(Master – immediately – 6 months)

Motivation:

Modifications of function pointers are used to change the control flow and achieve a malicious behaviour. Labels, as part of the program code, can be used to ensure a call/jump targets the intended address. Setting and checking labels with dedicated instructions can help to reduce the overhead for this technique.

Research Question:

After literature research the student should make a selection of instructions to assist label-based control-flow integrity. These instructions should be implemented for a RISC-V processor using SpinalHDL. The results should be evaluated on a FPGA.

Requirements:

Interested students should have

  • Understood the concept of code-reuse attacks,
  • A general understanding of processor architectures, and
  • Experience with HDLs is recommended.

Recommended modules:

  • 11897 | Security of Resource-constraint Systems

Supervisor:

  • Kai Lehniger M.Sc. (lehniger@ihp-microelectronics.com)

Contact:

  • Elisabeth Vogel M.Sc. (vogel@ihp-microelectronics.com)

Unsere Webseite verwendet Cookies. Diese haben zwei Funktionen: Zum einen sind sie erforderlich für die grundlegende Funktionalität unserer Website. Zum anderen können wir mit Hilfe der Cookies unsere Inhalte für Sie immer weiter verbessern. Hierzu werden pseudonymisierte Daten von Website-Besuchern gesammelt und ausgewertet. Das Einverständnis in die Verwendung der technisch nicht notwendigen Cookies können Sie jeder Zeit wiederrufen. Weitere Informationen erhalten Sie auf unseren Seiten zum Datenschutz.

Erforderlich

Diese Cookies werden für eine reibungslose Funktion unserer Website benötigt.

Statistik

Für den Zweck der Statistik betreiben wir die Plattform Matomo, auf der mittels pseudonymisierter Daten von Websitenutzern der Nutzerfluss analysiert und beurteilt werden kann. Dies gibt uns die Möglichkeit Websiteinhalte zu optimieren.

Name Zweck Ablauf Typ Anbieter
_pk_id Wird verwendet, um ein paar Details über den Benutzer wie die eindeutige Besucher-ID zu speichern. 13 Monate HTML Matomo
_pk_ref Wird benutzt, um die Informationen der Herkunftswebsite des Benutzers zu speichern. 6 Monate HTML Matomo
_pk_ses Kurzzeitiges Cookie, um vorübergehende Daten des Besuchs zu speichern. 30 Minuten HTML Matomo