Team number: xohw22-028
Project name: Securised processor for IoT - Mitigating buffer overflow based attacks
Link to YouTube Video(s):
Link to project repository: https://git.etud.insa-toulouse.fr/pfaure/PSI.git

University name: INSA Toulouse
Participant(s): Paul Faure
Email: pfaure@insa-toulouse.fr
Supervisor name: Daniela Dragomirescu
Supervisor e-mail: daniela@laas.fr

Board used: Basys3
Software Version: Vivado 2018.2

Brief description of project:
A secure processor for IoT. The processor has two stacks, one of which is reserved for return addresses and context. This stack is only accessible by the CALL and RET instructions. Thus, a buffer overflow (MOV and COPY instructions) cannot modify this stack. It is therefore impossible to divert the program to a malicious function.
The project includes the processor and the associated compiler. Compilation is done in two steps: the C file is first compiled to a memory-oriented assembly language; the cross assembler then converts it to the register-oriented assembly language of the processor, and finally to a binary program. The binary file can then be written into the memory (source code) of the processor. It only remains to synthesize, implement, generate the bitstream, and flash the FPGA.

Description of archive (explain directory structure, documents and source files):
├───Documentation
├───PSI
│   ├───Compilateur
│   ├───CrossAssembleur
│   ├───Interpreteur
│   ├───InterpreteurRegistres
│   ├───Processeur
│   │   Makefile
│   │   prog_vulnerable.c
│   │   ReadMe.md
│   readme.txt
│   report.pdf

The Documentation folder contains diagrams for each VHDL component, as well as the list of instructions supported by the processor.
The PSI folder contains the source code of the project.
The PSI/Compilateur folder contains the source code of the C compiler associated with the processor.
The PSI/CrossAssembleur folder contains the source code of the cross assembler, which adds register management.
The PSI/Interpreteur folder contains the source code of an interpreter for the assembly output of the compiler.
The PSI/InterpreteurRegistres folder contains the source code of an interpreter for the assembly output of the cross assembler.
The PSI/Processeur folder contains the VHDL source code of the processor.

The PSI folder also provides:
    A Makefile to simplify the use of the project.
    An example of a C program containing a deliberate vulnerability to a buffer overflow attack.
    A ReadMe.md detailing how the project works.

The archive also provides:
    This document.
    A more detailed report of the project.

Instructions to build and test project

Step 1: Hardware setup. Connect a keyboard to the USB port and a screen to the VGA port of the FPGA. Connect the FPGA to your PC with a USB cable.
Step 2: Open a terminal and move to the PSI folder.
Step 3: Configure project as unsecure (without double stack).
    "make unsecure"
Step 4: Build all the project.
    "make build WHAT="all""
Step 5: Execute the whole chain (build, crossassemble and load the program).
    "make exec WHAT="all" SOURCE="prog_vulnerable""
Step 6: Open Vivado, load the PSI/Processeur/Processeur.xpr project.
Step 7: Run synthesis, run implementation, generate bitstream, open hardware manager, open target, autoconnect, program device.

Observation 1: You should see "Program begin" and "Please enter a value:" on screen.

Step 8: Enter value 110; this value will be written into an array with a buffer overflow. (110 is the address of a malicious function, but you can enter another value if you want.)

Observation 2: If you have entered 110, you should see:
    YOU'VE BEEN HACKED
    (__) (|) (00) |--(__) | _| _|\__/
    Yark Yark Yark

Step 9: Close Vivado.
Step 10: Configure project as secure (with double stack).
    "make secure"
Step 11: Build all the project.
    "make build WHAT="all""
Step 12: Execute the whole chain (build, crossassemble and load the program).
    "make exec WHAT="all" SOURCE="prog_vulnerable""
Step 13: Open Vivado, load the PSI/Processeur/Processeur.xpr project.
Step 14: Run synthesis, run implementation, generate bitstream, open hardware manager, open target, autoconnect, program device.

Observation 3: You should see "Program begin" and "Please enter a value:" on screen.

Step 15: Enter value 110; this value will be written into an array with a buffer overflow. (110 is the address of a malicious function, but you can enter another value if you want.)

Observation 4: If you have entered 110, you should see:
    Legitimate function a=0x6E

Conclusion: Thanks to our secure processor, it is impossible to divert the program to a malicious function. However, a buffer overflow can still modify some variables, because they are stored in the same memory area as the buffer.
...