IScanU: A Portable Scanner for Undocumented Instructions on RISC Processors

Rens Dofferhoff, Michael Göebel, Kristian Rietveld, Erik Van Der Kouwe

Research output: Chapter in Book / Report / Conference proceeding; Conference contribution; Academic; peer-review


Abstract

Undocumented and faulty CPU instructions can cause undefined behavior and system instability, impairing software efforts such as OS crash recovery and resilience, and system security. Although often not considered, the identification of such undocumented instructions is critical. We present a portable RISC instruction scanner that is able to search for undocumented instructions on a wide range of RISC architectures, empowering users to verify the reliable and secure operation of their systems. We propose two methods to look for undocumented instructions. Both attempt to execute a single instruction word in a controlled manner, regaining control afterwards. Subsequently, we determine if the instruction word is considered valid by the processor, comparing this result to the processor's ISA specification. Our prototype scanner can scan multiple ARMv8 and RISC-V systems. Various inconsistencies were discovered in the QEMU emulator and disassemblers used as ground truth. Furthermore, we found an undocumented instruction on a RISC-V chip.

Original language: English
Title of host publication: 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Subtitle of host publication: [Proceedings]
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 306-317
Number of pages: 12
ISBN (Electronic): 9781728158099
ISBN (Print): 9781728158105
Publication status: Published - 31 Jul 2020
Event: 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2020 - Valencia, Spain
Duration: 29 Jun 2020 to 2 Jul 2020

Conference

Conference: 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2020
Country/Territory: Spain
City: Valencia
Period: 29/06/20 to 2/07/20

Keywords

  • Hardware security
  • Instruction Scanning
  • Undocumented Instructions
