Mitigating Code Reuse Attacks on RISC-V Binaries: Minimizing Gadget Availability using the Compressed Extension

Author

Heitor Vieira

Date of Award

12-2024

Document Type

Thesis

Degree Name

Master of Science in Cyber Operations

Department

Department of Electrical and Computer Engineering

First Advisor

Scott R. Graham, PhD

Abstract

Embedded systems are vital in civilian and military applications, requiring high performance and security. The open RISC-V Instruction Set Architecture (ISA) offers significant advantages, including security through community review and strategic independence in microchip supplies. Brazil’s recent partnership with RISC-V highlights its potential for national technological sovereignty. However, RISC-V is not inherently resistant to code reuse attacks (CRAs), highlighting the need to integrate security measures early in development. The RISC-V Compressed extension, while beneficial for optimizing performance and code flexibility, introduces security trade-offs. As RISC-V adoption grows, particularly in critical systems, addressing these security challenges from the start is crucial for secure deployment.

AFIT Designator

AFIT-ENG-MS-24-D-003

Comments

Approved for public release. Distribution unlimited. PA case number on file.

A 12-month embargo was observed for posting this document.

Recommended Citation

Vieira, Heitor, "Mitigating Code Reuse Attacks on RISC-V Binaries: Minimizing Gadget Availability using the Compressed Extension" (2024). Theses and Dissertations. 8195.
https://scholar.afit.edu/etd/8195