Documentation
BIN
Documentation/Ecran.png
Normal file
After Width: | Height: | Size: 78 KiB |
BIN
Documentation/Etage1_Instructions_NS.png
Normal file
After Width: | Height: | Size: 164 KiB |
BIN
Documentation/Etage1_LectureIbstruction.png
Normal file
After Width: | Height: | Size: 138 KiB |
BIN
Documentation/Etage2_5_Registres.png
Normal file
After Width: | Height: | Size: 57 KiB |
BIN
Documentation/Etage3_Calcul.png
Normal file
After Width: | Height: | Size: 12 KiB |
BIN
Documentation/Etage4_Memoire.png
Normal file
After Width: | Height: | Size: 43 KiB |
BIN
Documentation/Etage4_Memoire_NS.png
Normal file
After Width: | Height: | Size: 52 KiB |
BIN
Documentation/Keyboard.png
Normal file
After Width: | Height: | Size: 27 KiB |
BIN
Documentation/KeyboardControler.png
Normal file
After Width: | Height: | Size: 66 KiB |
BIN
Documentation/KeyboardDriver.png
Normal file
After Width: | Height: | Size: 44 KiB |
BIN
Documentation/PeripheriqueClavier.png
Normal file
After Width: | Height: | Size: 18 KiB |
BIN
Documentation/PeripheriqueEcran.png
Normal file
After Width: | Height: | Size: 21 KiB |
BIN
Documentation/Pipeline.png
Normal file
After Width: | Height: | Size: 30 KiB |
BIN
Documentation/Pipeline_NS.png
Normal file
After Width: | Height: | Size: 32 KiB |
BIN
Documentation/ProcessorInstructions.pdf
Normal file
BIN
Documentation/ScreenDriver.png
Normal file
After Width: | Height: | Size: 47 KiB |
BIN
Documentation/System.png
Normal file
After Width: | Height: | Size: 36 KiB |
BIN
Documentation/VGAControler.png
Normal file
After Width: | Height: | Size: 48 KiB |
128
readme.txt
Normal file
|
@ -0,0 +1,128 @@
|
||||||
|
Team number: xohw22-028
|
||||||
|
|
||||||
|
Project name: Securised processor for IoT - Mitigating buffer overflow based attacks
|
||||||
|
|
||||||
|
Link to YouTube Video(s):
|
||||||
|
|
||||||
|
Link to project repository: https://git.etud.insa-toulouse.fr/pfaure/PSI.git
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
University name: INSA Toulouse
|
||||||
|
|
||||||
|
Participant(s): Paul Faure
|
||||||
|
|
||||||
|
Email: pfaure@insa-toulouse.fr
|
||||||
|
|
||||||
|
Supervisor name: Daniela Dragomirescu
|
||||||
|
|
||||||
|
Supervisor e-mail: daniela@laas.fr
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Board used: Basys3
|
||||||
|
|
||||||
|
Software Version: Vivado 2018.2
|
||||||
|
|
||||||
|
Brief description of project:
|
||||||
|
A secure processor for IoT.
|
||||||
|
The processor has two stacks, one of which is reserved for return addresses and context.
|
||||||
|
This stack is only accessible by the CALL and RET instructions.
|
||||||
|
Thus, a buffer overflow (MOV and COPY instructions) cannot modify this stack.
|
||||||
|
It is therefore impossible to divert the program to a malicious function.
|
||||||
|
|
||||||
|
The project includes the processor and the associated compiler.
|
||||||
|
The compilation phase is done in two steps:
|
||||||
|
The C file is compiled to a memory-oriented assembly language.
|
||||||
|
Then, the cross assembler converts it to the register-oriented assembly language of the processor, then, to a binary program.
|
||||||
|
The binary file can then be written in the memory (source code) of the processor.
|
||||||
|
It only remains to synthesize, implement, generate the bitstream, and flash the FPGA.
|
||||||
|
|
||||||
|
|
||||||
|
Description of archive (explain directory structure, documents and source files):
|
||||||
|
|
||||||
|
|
||||||
|
├───Documentation
|
||||||
|
├───PSI
|
||||||
|
│ ├───Compilateur
|
||||||
|
│ ├───CrossAssembleur
|
||||||
|
│ ├───Interpreteur
|
||||||
|
│ ├───InterpreteurRegistres
|
||||||
|
│ ├───Processeur
|
||||||
|
│ │ Makefile
|
||||||
|
│ │ prog_vulnerable.c
|
||||||
|
│ │ ReadMe.md
|
||||||
|
│ readme.txt
|
||||||
|
│ report.pdf
|
||||||
|
|
||||||
|
The Documentation folder contains diagrams related to each VHDL component, it also contains the list of instructions supported by the processor.
|
||||||
|
The PSI folder contains the source codes of the project.
|
||||||
|
The PSI/Compilateur folder contains the source codes of the C compiler associated with the processor.
|
||||||
|
The PSI/CrossAssembleur folder gathers the source codes of the crossassembler allowing to add the management of the registers.
|
||||||
|
The PSI/Interpreteur folder contains the source codes of an interpreter that can interpret the assembly output of the compiler.
|
||||||
|
The PSI/InterpreteurRegistres folder gathers the source codes of an interpreter which can interpret the assembly output of the crossassembler
|
||||||
|
The PSI/Processeur folder contains the VHDL source codes of the processor.
|
||||||
|
In the PSI folder is also provided :
|
||||||
|
A Makefile to simplify the use of the project.
|
||||||
|
An example of a C program containing a deliberate vulnerability to a buffer overflow attack.
|
||||||
|
A ReadMe.md detailing how the project works.
|
||||||
|
In the archive is also provided :
|
||||||
|
This document.
|
||||||
|
A more detailed report of the project.
|
||||||
|
|
||||||
|
|
||||||
|
Instructions to build and test project
|
||||||
|
|
||||||
|
Step 1: Hardware setup. Connect a keyboard to the USB port and a screen to the VGA port of the FPGA. Connect the FPGA to your PC thanks to USB cable.
|
||||||
|
|
||||||
|
Step 2: Open a terminal and move to the PSI folder.
|
||||||
|
|
||||||
|
Step 3: Configure project as unsecure (without double stack). "make unsecure"
|
||||||
|
|
||||||
|
Step 4: Build all the project. "make build WHAT="all""
|
||||||
|
|
||||||
|
Step 5: Execute the whole chain (build, crossassemble and load the program). "make exec WHAT="all" SOURCE="prog_vulnerable""
|
||||||
|
|
||||||
|
Step 6: Open Vivado, load the PSI/Processeur/Processeur.xpr project.
|
||||||
|
|
||||||
|
Step 7: Run synthesis, run implementation, generate bitstream, open hardware manager, open target, autoconnect, program device.
|
||||||
|
|
||||||
|
Observation 1: You should see "Program begin" and "Please enter a value:" on screen.
|
||||||
|
|
||||||
|
Step 8: Enter value 110, this value will be written in a array with a buffer overflow. (110 is the adresse of a malicious function, but you can enter other value if you want)
|
||||||
|
|
||||||
|
Observation 2: If you have entered 110, you should see:
|
||||||
|
|
||||||
|
YOU'VE BEEN HACKED
|
||||||
|
(__)
|
||||||
|
(|) (00)
|
||||||
|
|--(__)
|
||||||
|
| _| _|\__/
|
||||||
|
Yark Yark Yark
|
||||||
|
|
||||||
|
Step 9: Close Vivado
|
||||||
|
|
||||||
|
Step 10: Configure project as secure (with double stack). "make secure"
|
||||||
|
|
||||||
|
Step 11: Build all the project. "make build WHAT="all""
|
||||||
|
|
||||||
|
Step 12: Execute the whole chain (build, crossassemble and load the program). "make exec WHAT="all" SOURCE="prog_vulnerable""
|
||||||
|
|
||||||
|
Step 13: Open Vivado, load the PSI/Processeur/Processeur.xpr project.
|
||||||
|
|
||||||
|
Step 14: Run synthesis, run implementation, generate bitstream, open hardware manager, open target, autoconnect, program device.
|
||||||
|
|
||||||
|
Observation 3: You should see "Program begin" and "Please enter a value:" on screen.
|
||||||
|
|
||||||
|
Step 15: Enter value 110, this value will be written in a array with a buffer overflow. (110 is the adresse of a malicious function, but you can enter other value if you want)
|
||||||
|
|
||||||
|
Observation 4: If you have entered 110, you should see:
|
||||||
|
|
||||||
|
Legitimate function
|
||||||
|
a=0x6E
|
||||||
|
|
||||||
|
Conclusion: Thanks to our secure processor, it is impossible to divert the program to a malicious function.
|
||||||
|
However, buffer overflow can modify some variables because they are stored in the same memory area as the buffer.
|
||||||
|
|
||||||
|
|
||||||
|
...
|