{"title":"Confidaent: Control FLow protection with Instruction and Data Authenticated Encryption","authors":"O. Savry, Mustapha El-Majihi, Thomas Hiscock","doi":"10.1109/DSD51259.2020.00048","DOIUrl":null,"url":null,"abstract":"Computing devices became part of our daily world. But being physically accessible they are exposed to a very large panel of physical attacks, which are most of the time underestimated. These systems must include protections against these attacks in order to keep user data secret and safe. In this work, we argue that addressing the security requirements of embedded processors with independent countermeasures is not the most efficient strategy and may introduce security flaws in the process. Instead, we suggest a more monolithic approach to security design. Following this idea, we propose a new efficient and flexible memory encryption & authentication mechanism called CONFIDAENT, that can protect code and data in embedded processors. On the top of this primitive, we build a strong Control Flow Integrity (CFI) countermeasure. We describe a RISC-V instruction set extension to support these mechanisms and the compiler support needed in the LLVM framework. This new countermeasure is developed on a modified RISCY RISCV core and its performances are evaluated on a FPGA target. 
We conclude that a truly high-security can be achieved, with an overhead factor of $\\times 2.66$ up to $\\times 3.73$ on execution time of benchmarks programs.","PeriodicalId":128527,"journal":{"name":"2020 23rd Euromicro Conference on Digital System Design (DSD)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 23rd Euromicro Conference on Digital System Design (DSD)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSD51259.2020.00048","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 9
Abstract
Computing devices have become part of our daily world. But being physically accessible, they are exposed to a very wide range of physical attacks, which are most of the time underestimated. These systems must include protections against these attacks in order to keep user data secret and safe. In this work, we argue that addressing the security requirements of embedded processors with independent countermeasures is not the most efficient strategy and may introduce security flaws in the process. Instead, we suggest a more monolithic approach to security design. Following this idea, we propose a new efficient and flexible memory encryption and authentication mechanism called CONFIDAENT, which can protect code and data in embedded processors. On top of this primitive, we build a strong Control Flow Integrity (CFI) countermeasure. We describe a RISC-V instruction set extension to support these mechanisms and the compiler support needed in the LLVM framework. This new countermeasure is developed on a modified RISCY RISCV core and its performance is evaluated on an FPGA target. We conclude that truly high security can be achieved, with an overhead factor of $\times 2.66$ up to $\times 3.73$ on the execution time of benchmark programs.