Subject area 1: RISC-V core

VexRiscv is an open source implementation of a 32-bit RISC-V core written in SpinalHDL, a Scala library that allows abstract RTL descriptions of hardware components. The high abstraction level and modularity allows an easy extension of the core. Possible master thesis topics are the extension of the core with certain security features. Example topics are listed below:

1a) Return-address authentication on a 32-bit RISC-V core

(Master – immediately – 6 months)

Motivation:

This new method uses secure hashes to chain return addresses together, making it impossible for an attacker to modify them without being detected. For a 64-bit system this hash is saved in the unused bits of the return pointer itself. On a 32-bit system this is not possible.

Research Question:

Based on the given concept of the 64-bit implementation, the student should find a suitable solution for the 32-bit core. The solution should be implemented using SpinalHDL and evaluated on a FPGA.

Requirements:

Interested students should have

  • Understood the concept of code-reuse attacks,
  • A general understanding of processor architectures, and
  • Experience with HDLs is recommended.

Recommended modules:

  • 11897 | Security of Resource-constraint Systems

Supervisor:

  • Kai Lehniger M.Sc. (lehniger@ihp-microelectronics.com)

Contact:

  • Elisabeth Vogel M.Sc. (vogel@ihp-microelectronics.com)
1b) A shadow stack implementation for a 32-bit RISC-V core

(Master – immediately – 6 months)

Motivation:

Shadow stacks are used to detect malicious changes of return addresses on the stack by implementing a second hidden stack where a copy of all return addresses is stored. In the literature different implementations for shadow stacks are discussed.

Research Question:

The student should evaluate different approaches and choose one possibility. The chosen variant should be implemented as an extension for a 32-bit RISC-V core and evaluated on a FPGA.

Requirements:

Interested students should have

  • Understood the concept of code-reuse attacks,
  • Basic memory management,
  • A general understanding of processor architectures, and
  • Experience with HDLs is recommended.

Recommended modules:

  • 11897 | Security of Resource-constraint Systems

Supervisor:

  • Kai Lehniger M.Sc. (lehniger@ihp-microelectronics.com)

Contact:

  • Elisabeth Vogel M.Sc. (vogel@ihp-microelectronics.com)
1c) A label-based forward-edge control-flow integrity extension for a 32-bit RISC-V core

(Master – immediately – 6 months)

Motivation:

Modifications of function pointers are used to change the control flow and achieve a malicious behaviour. Labels, as part of the program code, can be used to ensure a call/jump targets the intended address. Setting and checking labels with dedicated instructions can help to reduce the overhead for this technique.

Research Question:

After literature research the student should make a selection of instructions to assist label-based control-flow integrity. These instructions should be implemented for a RISC-V processor using SpinalHDL. The results should be evaluated on a FPGA.

Requirements:

Interested students should have

  • Understood the concept of code-reuse attacks,
  • A general understanding of processor architectures, and
  • Experience with HDLs is recommended.

Recommended modules:

  • 11897 | Security of Resource-constraint Systems

Supervisor:

  • Kai Lehniger M.Sc. (lehniger@ihp-microelectronics.com)

Contact:

  • Elisabeth Vogel M.Sc. (vogel@ihp-microelectronics.com)

This website uses cookies. Those have two functions: On the one hand they are providing basic functionality for this website. On the other hand they allow us to improve our content for you by saving and analyzing anonymized user data. You can redraw your consent to using these cookies at any time. Find more information regarding cookies on our Data Protection Declaration and regarding us on the Imprint.

Mandatory

These cookies are needed for a smooth operation of our website.

statistic

Name Purpose Lifetime Type Provider
_pk_id Used to store a few details about the user such as the unique visitor ID. 13 months HTML Matomo
_pk_ref Used to store the attribution information, the referrer initially used to visit the website. 6 months HTML Matomo
_pk_ses Short lived cookie used to temporarily store data for the visit. 30 minutes HTML Matomo