Value-set Analysis for RISC-V: Detecting Bitflip Vulnerabilities

Studenteropgave: Kandidatspeciale og HD afgangsprojekt

  • Ida Thoft Christiansen
  • Lena Said Ernstsen
4. semester, Software, Kandidat (Kandidatuddannelse)
Bitflip attacks have been shown to be a real-life security issue, as demonstrated on the PAM mechanism. Thus, this report concerns a proof of concept for detecting bitflip vulnerabilities in RISC-V programs using a value-set analysis. This is achieved by formalizing the RISC-V language and creating fault models describing different bitflip attacks. Based on this formalization, a value-set analysis is defined that utilizes the monotone framework. In the analysis, we have defined a domain, which has been shown to be a complete lattice, as well as monotone transfer functions for all instructions. The defined analysis is implemented as a tool called BitflipperVild. BitflipperVild is shown to be able to detect all register-relevant bitflip vulnerabilities in the programs found in the collection FISSC. Thus, we are able to use our tool to show that some possible bitflips can result in an attacker reaching a privileged point without authentication.
Udgivelsesdato9 jun. 2023
Antal sider70


ID: 533880040