Abstract
Undocumented and faulty CPU instructions can cause undefined behavior and system instability, impairing software efforts such as OS crash recovery and resilience, and system security. Although often not considered, the identification of such undocumented instructions is critical. We present a portable RISC instruction scanner that is able to search for undocumented instructions on a wide range of RISC architectures, empowering users to verify the reliable and secure operation of their systems. We propose two methods to look for undocumented instructions. Both attempt to execute a single instruction word in a controlled manner, regaining control afterwards. Subsequently, we determine if the instruction word is considered valid by the processor, comparing this result to the processor's ISA specification. Our prototype scanner can scan multiple ARMv8 and RISC-V systems. Various inconsistencies were discovered in the QEMU emulator and disassemblers used as ground truth. Furthermore, we found an undocumented instruction on a RISC-V chip.
Original language | English |
---|---|
Title of host publication | 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) |
Subtitle of host publication | [Proceedings] |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 306-317 |
Number of pages | 12 |
ISBN (Electronic) | 9781728158099 |
ISBN (Print) | 9781728158105 |
Publication status | Published - 31 Jul 2020 |
Event | 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2020 - Valencia, Spain. Duration: 29 Jun 2020 → 2 Jul 2020 |
Conference
Conference | 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2020 |
---|---|
Country/Territory | Spain |
City | Valencia |
Period | 29/06/20 → 2/07/20 |
Keywords
- Hardware security
- Instruction Scanning
- Undocumented Instructions