Documentation

readme.txt

@@ -0,0 +1,128 @@
+Team number: xohw22-028
+
+Project name: Securised processor for IoT - Mitigating buffer overflow based attacks
+
+Link to YouTube Video(s):
+
+Link to project repository: https://git.etud.insa-toulouse.fr/pfaure/PSI.git
+
+ 
+
+University name: INSA Toulouse
+
+Participant(s): Paul Faure
+
+Email: pfaure@insa-toulouse.fr
+
+Supervisor name: Daniela Dragomirescu
+
+Supervisor e-mail: daniela@laas.fr
+
+ 
+
+Board used: Basys3
+
+Software Version: Vivado 2018.2
+
+Brief description of project: 
+A secure processor for IoT. 
+The processor has two stacks, one of which is reserved for return addresses and context.
+This stack is only accessible by the CALL and RET instructions. 
+Thus, a buffer overflow (MOV and COPY instructions) cannot modify this stack.
+It is therefore impossible to divert the program to a malicious function.
+
+The project includes the processor and the associated compiler. 
+The compilation phase is done in two steps: 
+The C file is compiled to a memory-oriented assembly language. 
+Then, the cross assembler converts it to the register-oriented assembly language of the processor, then, to a binary program.
+The binary file can then be written in the memory (source code) of the processor.
+It only remains to synthesize, implement, generate the bitstream, and flash the FPGA.
+
+
+Description of archive (explain directory structure, documents and source files):
+
+
+├───Documentation
+├───PSI
+│   ├───Compilateur
+│   ├───CrossAssembleur
+│   ├───Interpreteur
+│   ├───InterpreteurRegistres
+│   ├───Processeur
+│   │   Makefile
+│   │   prog_vulnerable.c
+│   │   ReadMe.md
+│   readme.txt
+│   report.pdf
+
+The Documentation folder contains diagrams related to each VHDL component, it also contains the list of instructions supported by the processor. 
+The PSI folder contains the source codes of the project.
+The PSI/Compilateur folder contains the source codes of the C compiler associated with the processor.
+The PSI/CrossAssembleur folder gathers the source codes of the crossassembler allowing to add the management of the registers.
+The PSI/Interpreteur folder contains the source codes of an interpreter that can interpret the assembly output of the compiler.
+The PSI/InterpreteurRegistres folder gathers the source codes of an interpreter which can interpret the assembly output of the crossassembler
+The PSI/Processeur folder contains the VHDL source codes of the processor.
+In the PSI folder is also provided :
+	A Makefile to simplify the use of the project.
+	An example of a C program containing a deliberate vulnerability to a buffer overflow attack.
+	A ReadMe.md detailing how the project works.
+In the archive is also provided : 
+	This document.
+	A more detailed report of the project.
+
+
+Instructions to build and test project
+
+Step 1: Hardware setup. Connect a keyboard to the USB port and a screen to the VGA port of the FPGA. Connect the FPGA to your PC thanks to USB cable.
+
+Step 2: Open a terminal and move to the PSI folder.
+
+Step 3: Configure project as unsecure (without double stack). "make unsecure"
+
+Step 4: Build all the project. "make build WHAT="all""
+
+Step 5: Execute the whole chain (build, crossassemble and load the program). "make exec WHAT="all" SOURCE="prog_vulnerable""
+
+Step 6: Open Vivado, load the PSI/Processeur/Processeur.xpr project.
+
+Step 7: Run synthesis, run implementation, generate bitstream, open hardware manager, open target, autoconnect, program device.
+
+Observation 1: You should see "Program begin" and "Please enter a value:" on screen.
+
+Step 8: Enter value 110, this value will be written in a array with a buffer overflow. (110 is the adresse of a malicious function, but you can enter other value if you want)
+
+Observation 2: If you have entered 110, you should see:
+
+YOU'VE BEEN HACKED
+       (__)
+   (|) (00)
+    |--(__)  
+    | _| _|\__/
+  Yark Yark Yark
+
+Step 9: Close Vivado
+
+Step 10: Configure project as secure (with double stack). "make secure"
+
+Step 11: Build all the project. "make build WHAT="all""
+
+Step 12: Execute the whole chain (build, crossassemble and load the program). "make exec WHAT="all" SOURCE="prog_vulnerable""
+
+Step 13: Open Vivado, load the PSI/Processeur/Processeur.xpr project.
+
+Step 14: Run synthesis, run implementation, generate bitstream, open hardware manager, open target, autoconnect, program device.
+
+Observation 3: You should see "Program begin" and "Please enter a value:" on screen.
+
+Step 15: Enter value 110, this value will be written in a array with a buffer overflow. (110 is the adresse of a malicious function, but you can enter other value if you want)
+
+Observation 4: If you have entered 110, you should see:
+
+Legitimate function
+a=0x6E
+
+Conclusion: Thanks to our secure processor, it is impossible to divert the program to a malicious function. 
+However, buffer overflow can modify some variables because they are stored in the same memory area as the buffer.
+
+
+...