Generic Tagging for RISC-V Binaries

Abstract

The paper introduces COGENT, a generic instruction tag generator for RISC-V binaries that simplifies the implementation of custom hardware security solutions without requiring a specialized compiler. COGENT attaches configurable tags (1 to 20 bits wide) and control-flow integrity (CFI) labels to instructions by encoding them as standard RISC-V nop instructions inserted into the binary. Because a nop changes no architectural state, tagged programs remain fully backward compatible and run on unmodified Commercial Off-The-Shelf (COTS) RISC-V hardware, at the cost of measurable overheads of up to 29.3% in binary size and up to 13.4% in execution time.

Report

COGENT: Generic Tagging for RISC-V Binaries

Key Highlights

  • Novel Tool: Introduction of COGENT, a generic instruction tag generator for the RISC-V Instruction Set Architecture (ISA).
  • Eliminates Compiler Reliance: COGENT removes the requirement for developing and maintaining specialized, custom compilers traditionally needed to inject security metadata (tags) into binaries.
  • Backward Compatibility: Tags and labels are encoded entirely using nop (no operation) instructions, ensuring full compatibility with existing, unmodified RISC-V hardware.
  • Security Support: Capable of emitting specific labels essential for implementing Control-Flow Integrity (CFI) solutions.

Technical Details

  • Methodology: COGENT generates tags and CFI labels and inserts them into a RISC-V binary as nop instructions placed in the instruction stream, leaving the original instructions untouched. A core that knows nothing about the tags executes the nops as no-ops, so the program behaves as before, while tag-aware hardware can consume the metadata carried in those nops.
  • Tag Configuration: The system supports configurable and varying tag widths, ranging from 1 bit up to 20 bits.
  • Evaluation Suite: COGENT was evaluated using a subset of programs sourced from the industry-standard SPEC CPU2017 benchmark suite.
  • Binary Size Overhead: Measured binary size increase ranged from 18.27% (highest tag coverage) to 29.3% (lowest tag coverage).
  • Execution Time Overhead: On unmodified COTS RISC-V hardware, where every inserted tag nop still has to be fetched, decoded, and retired, the measured execution time overhead ranged from 5.72% (highest coverage) to 13.4% (lowest coverage).
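To make the nop-based tag encoding and the resulting size overhead concrete, here is a small, self-contained Python model of the technique. It is an added illustration, not COGENT's code, and it assumes an encoding the page does not specify: tags ride in instructions whose destination register is x0 (addi x0, x0, imm for tags up to 12 bits, lui x0, imm for tags up to 20 bits), which the RISC-V ISA requires to execute as no-ops on any conforming core. Two caveats a practitioner should keep in mind: these x0-destination forms other than the canonical nop fall into the ISA's HINT/reserved encoding space, so tag values could collide with future standard hints, and inserting words into the instruction stream shifts every branch and jump offset after the insertion point, which the model below does not relocate. The tag-change policy (emit a carrier only when the tag differs from the previous instruction's) and the sample instruction words are constructed for the example.

```python
"""Illustrative RISC-V instruction tagging in the COGENT style.

Constructed example, not COGENT's own code. Assumed carrier encodings
(the page does not specify them):
  addi x0, x0, imm12  -> tags of 1..12 bits  (I-type, opcode 0x13)
  lui  x0, imm20      -> tags of 13..20 bits (U-type, opcode 0x37)
Both write x0, so any conforming core executes them as no-ops.
The canonical NOP is addi x0, x0, 0 == 0x00000013.
"""
import struct
from typing import List, Optional, Tuple

OPCODE_OP_IMM = 0x13
OPCODE_LUI = 0x37
NOP = 0x00000013
MAX_TAG_BITS = 20


def encode_tag(tag: int, width: int) -> int:
    """Build the 32-bit no-op word that carries `tag` as a `width`-bit value."""
    if not 1 <= width <= MAX_TAG_BITS:
        raise ValueError(f"tag width must be 1..{MAX_TAG_BITS}, got {width}")
    if not 0 <= tag < (1 << width):
        raise ValueError(f"tag {tag:#x} does not fit in {width} bits")
    if width <= 12:
        # I-type: imm[11:0] | rs1=x0 | funct3=000 | rd=x0 | opcode.
        # Tag 0 in this form is bit-identical to the canonical NOP.
        return (tag << 20) | OPCODE_OP_IMM
    # U-type: imm[31:12] | rd=x0 | opcode.
    return (tag << 12) | OPCODE_LUI


def decode_tag(word: int) -> Optional[Tuple[int, str]]:
    """Return (tag, carrier) if `word` is one of our tag carriers, else None."""
    opcode = word & 0x7F
    rd = (word >> 7) & 0x1F
    if rd != 0:  # anything that writes a real register is a real instruction
        return None
    if opcode == OPCODE_OP_IMM:
        funct3 = (word >> 12) & 0x7
        rs1 = (word >> 15) & 0x1F
        if funct3 != 0 or rs1 != 0:  # only addi x0, x0, imm is a carrier here
            return None
        return (word >> 20) & 0xFFF, "addi"
    if opcode == OPCODE_LUI:
        return (word >> 12) & 0xFFFFF, "lui"
    return None


def tag_program(program: List[Tuple[int, int]], width: int) -> List[int]:
    """Interleave tag carriers into a stream of (instruction_word, tag) pairs.

    Assumed policy: a carrier is emitted only when the tag changes, so the
    overhead depends on how often consecutive instructions share a tag.
    Branch/jump offsets are NOT relocated; real tooling must fix them up.
    """
    out: List[int] = []
    current: Optional[int] = None
    for word, tag in program:
        if tag != current:
            out.append(encode_tag(tag, width))
            current = tag
        out.append(word)
    return out


def untag_program(words: List[int]) -> List[Tuple[int, int]]:
    """Inverse of tag_program. Caveat: a genuine addi x0,x0,0 (e.g. padding)
    in the original code is indistinguishable from a tag-0 carrier."""
    pairs: List[Tuple[int, int]] = []
    current = 0
    for word in words:
        hit = decode_tag(word)
        if hit is not None:
            current = hit[0]
            continue
        pairs.append((word, current))
    return pairs


def size_overhead(original: List[int], tagged: List[int]) -> float:
    """Fractional growth of the instruction stream (0.5 means +50%)."""
    return (len(tagged) - len(original)) / len(original)


def serialize(words: List[int]) -> bytes:
    """Instruction words are little-endian in memory."""
    return b"".join(struct.pack("<I", w) for w in words)


# Constructed sample: four RV32I instructions, each with a 4-bit tag.
SAMPLE = [
    (0x00000513, 1),  # addi a0, x0, 0
    (0x00100593, 1),  # addi a1, x0, 1
    (0x00B50633, 2),  # add  a2, a0, a1
    (0x00008067, 2),  # jalr x0, 0(ra)  (ret)
]

if __name__ == "__main__":
    tagged = tag_program(SAMPLE, width=4)
    for w in tagged:
        hit = decode_tag(w)
        print(f"{w:08x}  {'tag=' + hex(hit[0]) if hit else 'instr'}")
    print(f"size overhead: {size_overhead([w for w, _ in SAMPLE], tagged):.1%}")
```

With the sample above the tag changes once, so two carrier words are added to four instructions and the stream grows by 50%; tagging every instruction would double it, which is why a real tool's overhead figures hinge on how many instructions actually need a fresh tag.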

Implications

  • Accelerated Security Development: By decoupling metadata insertion from the compiler toolchain, COGENT drastically reduces the time and effort required to prototype and deploy custom hardware-based security solutions on RISC-V platforms.
  • Democratization of Hardware Security: The generic nature of the tool makes advanced security features, such as specific CFI mechanisms, accessible to a wider range of RISC-V developers and researchers.
  • Ecosystem Flexibility: The use of backward-compatible nop instructions is critical for immediate adoption, allowing tagged binaries to run on existing hardware installations, thus accelerating the integration of new security features into the rapidly growing RISC-V ecosystem.
  • Foundation for Research: COGENT provides a robust and flexible platform for conducting future research on diverse hardware security architectures that rely on instruction tagging.