{"title":"A Static CFG Extraction Scheme for RISC-V Runtime CFI","authors":"Wenxin Li, Weike Wang, Senyang Li, Zhenliang An","doi":"10.1109/ISSSR58837.2023.00073","DOIUrl":null,"url":null,"abstract":"The Control Flow Graph represents all possible paths a program may take during execution. Control Flow Integrity is a critical concern in embedded system security, and the CFG can be integrated with hardware circuit design to validate CFI. In this paper, we present a static CFG extraction scheme for RISC-V program based on the executable files. During the construction of CFGs, information such as instructions in each basic blocks, basic block length, transfer instructions of basic blocks, and transfer targets can be extracted. Additionally, data such as hash values for basic blocks can be calculated. Those metadata elements are sensitive information for the subsequent runtime CFI check. We use this extraction scheme to perform static analysis on several benchmark programs, and experimental results demonstrate that this scheme can generate correct CFGs and key sensitive information for runtime CFI verification.","PeriodicalId":185173,"journal":{"name":"2023 9th International Symposium on System Security, Safety, and Reliability (ISSSR)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 9th International Symposium on System Security, Safety, and Reliability (ISSSR)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISSSR58837.2023.00073","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
The Control Flow Graph (CFG) represents all possible paths a program may take during execution. Control Flow Integrity (CFI) is a critical concern in embedded system security, and the CFG can be integrated with hardware circuit design to validate CFI. In this paper, we present a static CFG extraction scheme for RISC-V programs based on the executable files. During the construction of CFGs, information such as the instructions in each basic block, basic block length, transfer instructions of basic blocks, and transfer targets can be extracted. Additionally, data such as hash values for basic blocks can be calculated. Those metadata elements are sensitive information for the subsequent runtime CFI check. We use this extraction scheme to perform static analysis on several benchmark programs, and experimental results demonstrate that this scheme can generate correct CFGs and key sensitive information for runtime CFI verification.