Performance Evaluation and Consideration of Shadow Stack on RISC-V Architecture

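  • Kang Ha Young (Department of Information Convergence Engineering, Pusan National University) ;
  • Han Go Won (School of Information and Computer Engineering, Pusan National University) ;
  • Park Sung Hwan (Department of Information Convergence Engineering, Pusan National University) ;
  • Kwon Dong Hyun (School of Information and Computer Engineering, Pusan National University)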
  • Received : 2024.07.11
  • Accepted : 2024.07.23
  • Published : 2024.09.30

Abstract

RISC-V is an open-source instruction set architecture, used in various hardware implementations, and can be flexibly expanded to meet system requirements through the RV64I base instruction set and 16 standard extensions. Currently, the RISC-V architecture employs the shadow stack technique to protect return addresses. This paper compares the performance of the compact shadow stack mechanism and the parallel shadow stack mechanism in the RISC-V architecture using the SPEC CPU 2017 and beebs benchmarks. Experimental results show that the parallel shadow stack mechanism exhibits higher overhead than the compact shadow stack mechanism. This suggests that the efficiency of the parallel mechanism is reduced due to the limitations of the RISC-V architecture, making the compact shadow stack more suitable for RISC-V. Additionally, this paper identifies the security limitations of the existing RISC-V shadow stack and proposes directions for enhancing the performance and security of shadow stack mechanisms to ensure a secure execution environment for RISC-V.

Acknowledgement

This work was supported by the Pusan National University Basic Research Support Program (2 years).
