LiFi-CFI: Light-weight Fine-grained Hardware CFI Protection for RISC-V

In today’s open-source industry, RISC-V based embedded devices are used in various applications where security is critical. RISC-V processors are vulnerable to many runtime attacks, including powerful code reuse and code injection in jump/return-oriented programming (JOP/ROP), known as control flow attacks (CFA). For this, several security techniques have been proposed to protect embedded devices from CFA, and one of the most secure categories is Control Flow Integrity (CFI). Alternative techniques consider the tradeoff between runtime hardware overhead and security protection. In particular, hardware-based techniques have attracted more attention in recent years because they consume less power and have less runtime overhead, which is critical in embedded systems. Considering these constraints, we have proposed a novel fine-grained technique for jump-oriented programming, where the required memory is replaced with a short Programmable Array Logic (PAL) to reduce runtime and hardware overhead. Also, a low-overhead shadow stack is proposed for return-oriented programming to reduce the required memory capacity compared to the traditional shadow stack implementation by handling the recursive function calls. The proposed Architecture called LiFi-CFI, is a lightweight hardware monitoring solution that can be attached to any IoT-class soft processor. LiFi-CFI not only reduces power consumption and hardware overhead compared to other advanced solutions but also maintains the security guarantees of the main CFI solution. It is a compact solution as a countermeasure with less than 1% hardware resource utilization for Xilinx Artix7 and 0.5% runtime overhead.