Browse Source

Documentation

Paul Faure 1 year ago
commit
33b494aff7

BIN
Documentation/Ecran.png View File


BIN
Documentation/Etage1_Instructions_NS.png View File


BIN
Documentation/Etage1_LectureIbstruction.png View File


BIN
Documentation/Etage2_5_Registres.png View File


BIN
Documentation/Etage3_Calcul.png View File


BIN
Documentation/Etage4_Memoire.png View File


BIN
Documentation/Etage4_Memoire_NS.png View File


BIN
Documentation/Keyboard.png View File


BIN
Documentation/KeyboardControler.png View File


BIN
Documentation/KeyboardDriver.png View File


BIN
Documentation/PeripheriqueClavier.png View File


BIN
Documentation/PeripheriqueEcran.png View File


BIN
Documentation/Pipeline.png View File


BIN
Documentation/Pipeline_NS.png View File


BIN
Documentation/ProcessorInstructions.pdf View File


BIN
Documentation/ScreenDriver.png View File


BIN
Documentation/System.png View File


BIN
Documentation/VGAControler.png View File


+ 128
- 0
readme.txt View File

@@ -0,0 +1,128 @@
1
+Team number: xohw22-028
2
+
3
+Project name: Securised processor for IoT - Mitigating buffer overflow based attacks
4
+
5
+Link to YouTube Video(s):
6
+
7
+Link to project repository: https://git.etud.insa-toulouse.fr/pfaure/PSI.git
8
+
9
+ 
10
+
11
+University name: INSA Toulouse
12
+
13
+Participant(s): Paul Faure
14
+
15
+Email: pfaure@insa-toulouse.fr
16
+
17
+Supervisor name: Daniela Dragomirescu
18
+
19
+Supervisor e-mail: daniela@laas.fr
20
+
21
+ 
22
+
23
+Board used: Basys3
24
+
25
+Software Version: Vivado 2018.2
26
+
27
+Brief description of project: 
28
+A secure processor for IoT. 
29
+The processor has two stacks, one of which is reserved for return addresses and context.
30
+This stack is only accessible by the CALL and RET instructions. 
31
+Thus, a buffer overflow (MOV and COPY instructions) cannot modify this stack.
32
+It is therefore impossible to divert the program to a malicious function.
33
+
34
+The project includes the processor and the associated compiler. 
35
+The compilation phase is done in two steps: 
36
+The C file is compiled to a memory-oriented assembly language. 
37
+Then, the cross assembler converts it to the register-oriented assembly language of the processor, then, to a binary program.
38
+The binary file can then be written in the memory (source code) of the processor.
39
+It only remains to synthesize, implement, generate the bitstream, and flash the FPGA.
40
+
41
+
42
+Description of archive (explain directory structure, documents and source files):
43
+
44
+
45
+├───Documentation
46
+├───PSI
47
+│   ├───Compilateur
48
+│   ├───CrossAssembleur
49
+│   ├───Interpreteur
50
+│   ├───InterpreteurRegistres
51
+│   ├───Processeur
52
+│   │   Makefile
53
+│   │   prog_vulnerable.c
54
+│   │   ReadMe.md
55
+│   readme.txt
56
+│   report.pdf
57
+
58
+The Documentation folder contains diagrams related to each VHDL component, it also contains the list of instructions supported by the processor. 
59
+The PSI folder contains the source codes of the project.
60
+The PSI/Compilateur folder contains the source codes of the C compiler associated with the processor.
61
+The PSI/CrossAssembleur folder gathers the source codes of the crossassembler allowing to add the management of the registers.
62
+The PSI/Interpreteur folder contains the source codes of an interpreter that can interpret the assembly output of the compiler.
63
+The PSI/InterpreteurRegistres folder gathers the source codes of an interpreter which can interpret the assembly output of the crossassembler
64
+The PSI/Processeur folder contains the VHDL source codes of the processor.
65
+In the PSI folder is also provided :
66
+	A Makefile to simplify the use of the project.
67
+	An example of a C program containing a deliberate vulnerability to a buffer overflow attack.
68
+	A ReadMe.md detailing how the project works.
69
+In the archive is also provided : 
70
+	This document.
71
+	A more detailed report of the project.
72
+
73
+
74
+Instructions to build and test project
75
+
76
+Step 1: Hardware setup. Connect a keyboard to the USB port and a screen to the VGA port of the FPGA. Connect the FPGA to your PC thanks to USB cable.
77
+
78
+Step 2: Open a terminal and move to the PSI folder.
79
+
80
+Step 3: Configure project as unsecure (without double stack). "make unsecure"
81
+
82
+Step 4: Build all the project. "make build WHAT="all""
83
+
84
+Step 5: Execute the whole chain (build, crossassemble and load the program). "make exec WHAT="all" SOURCE="prog_vulnerable""
85
+
86
+Step 6: Open Vivado, load the PSI/Processeur/Processeur.xpr project.
87
+
88
+Step 7: Run synthesis, run implementation, generate bitstream, open hardware manager, open target, autoconnect, program device.
89
+
90
+Observation 1: You should see "Program begin" and "Please enter a value:" on screen.
91
+
92
+Step 8: Enter value 110, this value will be written in a array with a buffer overflow. (110 is the adresse of a malicious function, but you can enter other value if you want)
93
+
94
+Observation 2: If you have entered 110, you should see:
95
+
96
+YOU'VE BEEN HACKED
97
+       (__)
98
+   (|) (00)
99
+    |--(__)  
100
+    | _| _|\__/
101
+  Yark Yark Yark
102
+
103
+Step 9: Close Vivado
104
+
105
+Step 10: Configure project as secure (with double stack). "make secure"
106
+
107
+Step 11: Build all the project. "make build WHAT="all""
108
+
109
+Step 12: Execute the whole chain (build, crossassemble and load the program). "make exec WHAT="all" SOURCE="prog_vulnerable""
110
+
111
+Step 13: Open Vivado, load the PSI/Processeur/Processeur.xpr project.
112
+
113
+Step 14: Run synthesis, run implementation, generate bitstream, open hardware manager, open target, autoconnect, program device.
114
+
115
+Observation 3: You should see "Program begin" and "Please enter a value:" on screen.
116
+
117
+Step 15: Enter value 110, this value will be written in a array with a buffer overflow. (110 is the adresse of a malicious function, but you can enter other value if you want)
118
+
119
+Observation 4: If you have entered 110, you should see:
120
+
121
+Legitimate function
122
+a=0x6E
123
+
124
+Conclusion: Thanks to our secure processor, it is impossible to divert the program to a malicious function. 
125
+However, buffer overflow can modify some variables because they are stored in the same memory area as the buffer.
126
+
127
+
128
+...

BIN
report.pdf View File


Loading…
Cancel
Save