Arbitrary code execution on RISC-V using fault injection | Praveen Vadnala & Nils Wiersma | Nullcon
Title:
--------------
Arbitrary code execution on RISC-V using fault injection | Praveen Vadnala & Nils Wiersma | Nullcon International Security Conference March 2021

Abstract:
-----------------
RISC-V is a new, free and open Instruction Set Architecture (ISA) that has become increasingly popular in recent years. In the RISC-V ISA, the Program Counter (PC) cannot be accessed directly, unlike other widely used architectures such as AArch32. Hence, corrupting a RISC-V instruction with fault injection so that it stores the payload address directly into the PC is not possible. In this research, we propose alternative techniques to gain code execution using fault attacks by targeting the instructions that change the control flow of a program. They include corrupting the return address register and the stack pointer register, among others. Based on the experimental results, we identify new fault models that cannot be explained using the programmer's model of the ISA but require understanding of the underlying hardware implementation. We demonstrate the practicality of these attacks on a commercially available RISC-V SoC. These results have wide-ranging implications for the security of embedded devices against attackers with physical access to the device, most notably secure boot.

Speaker Bio:
---------------------
Praveen Vadnala is a Senior Security Analyst at Riscure, Delft, the Netherlands. His work is mostly focused on analyzing and testing the security of embedded devices. He holds a Ph.D. in computer science from the University of Luxembourg, Luxembourg. His research interests are related to side-channel and fault-injection attacks and their countermeasures. He has co-authored and presented papers at several conferences including CHES, FSE and the RSA Conference.

Nils Wiersma, after receiving his BSc. degree in general Computing Science at the University of Groningen, moved on to pursue an MSc. degree in the field of Cyber Security offered as a joint venture between Radboud University Nijmegen and Eindhoven University of Technology. During the thesis stage of this master's degree, he focused specifically on embedded security in the automotive context. He now works at Riscure as a Senior Security Analyst.

#Risc_V #Payload #ISA #SoC

Website: https://nullcon.net
