SHAKTI-MS : A RISC-V Processor for Memory Safety in C
Sourav Das
Indian Institute of Technology,
Madras
sourav.iniesta13@gmail.com
R Harikrishnan Unnithan
Birla Institute of Technology and
Science Pilani, Goa Campus
f20140181g@alumni.bits-pilani.ac.in
Arjun Menon
Indian Institute of Technology,
Madras
c.arjunmenon@gmail.com
Chester Rebeiro
Indian Institute of Technology,
Madras
chester@cse.iitm.ac.in
Kamakoti Veezhinathan
Indian Institute of Technology,
Madras
kama@cse.iitm.ac.in
ABSTRACT
In this era of IoT devices, security is very often traded off for a smaller device footprint and low power consumption. Considering the exponentially growing security threats to IoT and cyber-physical systems, it is important that these devices have built-in features that enhance security. In this paper, we present Shakti-MS, a lightweight RISC-V processor with built-in support for both temporal and spatial memory protection. At run time, Shakti-MS can detect and stymie memory misuse in C and C++ programs, with minimal runtime overheads. The solution uses a novel implementation of fat-pointers that associate capabilities with every pointer. Our proposal is to use stack-based cookies for crafting fat-pointers instead of having object-based identifiers. We store the fat-pointer on the stack, which eliminates the use of shadow memory space, or any table to store the pointer metadata. This reduces the storage overheads by a great extent. The cookie also helps to preserve control flow of the program by ensuring that the return address never gets modified by vulnerabilities like buffer overflows. Shakti-MS introduces new instructions in the microprocessor hardware, and also a modified compiler that automatically inserts these new instructions to enable memory protection. This co-design approach is intended to reduce runtime and area overheads, and also provides an end-to-end solution. The hardware has an area overhead of 700 LUTs on a Xilinx xcvu095-fva2104-2-e FPGA and 4100 cells on an open 55nm technology node. The clock frequency of the processor is not affected by the security extensions, while there is a marginal increase in the code size by 11% with an average runtime overhead of 13%.
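To make the abstract's idea concrete, the following C program is an added software model of a fat pointer that carries object bounds (for spatial checks) together with a lifetime cookie (for temporal checks). It is illustrative code written for this page, not Shakti-MS's own encoding, instructions or compiler output; the struct layouts, the per-object record `object_t`, the monotonically increasing `next_cookie` tag and the helper functions `fp_malloc`, `fp_free`, `fp_add` and `fp_check` are all constructed assumptions. It shows, in one place, how an overflow past the bound, an underflow before the base, a use after free and a double free are each caught before the access happens.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Outcome of checking one access through a fat pointer. */
typedef enum { ACCESS_OK = 0, ACCESS_OOB = 1, ACCESS_STALE = 2 } access_status;

/* Per-object record (hypothetical): the live cookie is the object's
 * lifetime tag; it is cleared to 0 when the object is freed. */
typedef struct {
    uint8_t *base;
    size_t size;
    uint64_t cookie;
} object_t;

/* Fat pointer (hypothetical layout): raw address, object bounds and the
 * cookie that was current when the pointer was created. */
typedef struct {
    uint8_t *addr;
    uint8_t *base;
    uint8_t *bound;   /* one past the last valid byte */
    uint64_t cookie;
    object_t *obj;    /* record the pointer was derived from */
} fatptr_t;

static uint64_t next_cookie = 1;   /* constructed: monotonically increasing tag */

/* Allocate size bytes and hand back a fat pointer covering exactly that range. */
static fatptr_t fp_malloc(object_t *obj, size_t size) {
    obj->base = malloc(size);
    obj->size = size;
    obj->cookie = next_cookie++;
    fatptr_t p = { obj->base, obj->base, obj->base + size, obj->cookie, obj };
    return p;
}

/* Free the object; returns 1 if it was already freed (double free), else 0.
 * Clearing the cookie invalidates every fat pointer still carrying it. */
static int fp_free(object_t *obj) {
    if (obj->cookie == 0) return 1;
    free(obj->base);
    obj->base = NULL;
    obj->cookie = 0;
    return 0;
}

/* Pointer arithmetic moves only the address; bounds and cookie travel along.
 * Done on uintptr_t so that stepping before the base is well defined here. */
static fatptr_t fp_add(fatptr_t p, ptrdiff_t off) {
    p.addr = (uint8_t *)((uintptr_t)p.addr + (uintptr_t)off);
    return p;
}

/* Check an access of len bytes at p.addr: temporal check first (cookie
 * still live and matching), then spatial check (range inside [base, bound)). */
static access_status fp_check(fatptr_t p, size_t len) {
    if (p.obj->cookie == 0 || p.obj->cookie != p.cookie) return ACCESS_STALE;
    uintptr_t a = (uintptr_t)p.addr, lo = (uintptr_t)p.base, hi = (uintptr_t)p.bound;
    if (a < lo || a > hi || len > hi - a) return ACCESS_OOB;
    return ACCESS_OK;
}

int main(void) {
    object_t o;
    fatptr_t p = fp_malloc(&o, 16);
    printf("in-bounds write: %d\n", fp_check(p, 16));            /* 0 */
    printf("overflow by one: %d\n", fp_check(fp_add(p, 16), 1)); /* 1 */
    fp_free(&o);
    printf("use after free:  %d\n", fp_check(p, 1));             /* 2 */
    printf("double free:     %d\n", fp_free(&o));                /* 1 */
    return 0;
}
```

The temporal check runs first so that a stale pointer is rejected without ever comparing against freed addresses; because a reallocation issues a fresh cookie, an old pointer into reused memory stays stale even though its address range would pass the bounds check.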
CCS CONCEPTS
• Security and Privacy → Hardware and Compiler security implementations; • Computer systems organization → Embedded systems; Reduced Instruction Set architecture.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the owner/author(s).
xxx, 2019, xxx
© 2019 Copyright held by the owner/author(s).
ACM ISBN xxx-xx-xxx/xx/xx.
https://doi.org/x.xxx/xxx
KEYWORDS
Secure Processor Architecture, Buffer Overflows, Memory Safety, Use-after-free, Spatial Attacks, Temporal Attacks, Dangling Pointers
ACM Reference Format:
Sourav Das, R Harikrishnan Unnithan, Arjun Menon, Chester Rebeiro, and Kamakoti Veezhinathan. xxx. SHAKTI-MS : A RISC-V Processor for Memory Safety in C. In Proceedings of xxx. ACM, xxx, xx, xxx, Article x, 11 pages. https://doi.org/x.xxx/xxx
1 INTRODUCTION
With the advent of IoT, there has been a rapid increase in the use of low-power embedded devices. These devices are deployed in wide and diverse applications that are connected to the Internet. While these devices are becoming more pervasive, large scale attacks involving compromised embedded devices such as the Mirai botnet [21] are becoming commonplace. In the absence of robust secure environments, vulnerabilities introduced in these devices due to programming flaws can allow attackers to take control of systems with ease.
Several of these vulnerabilities occur due to illegal memory accesses. Today, these memory access vulnerabilities rank among the top 25 vulnerabilities in system software [24]. Vulnerabilities like buffer overflows [34], use-after-free (UAF) [36, 43], and double-free [16] are some of the major security threats. These vulnerabilities still persist because of the predominant use of the C and C++ programming languages, which offer features like explicit pointer manipulation, flexible type casting constructs and ease of interfacing with the hardware. These features make them favorable for the development of operating systems, virtual machine monitors, embedded systems, and database management software. However, these features come with the risk of illegal memory access and have led to many attacks in the past. Rewriting all existing code in memory safe languages is not feasible and hence we are left with the difficult task of retrofitting security into existing systems.
There have been many studies relating to spatial and temporal attacks due to illegal memory uses [1–3, 5–8, 25, 26, 28–31, 35] and many have proposed methods to prevent one or both of these attacks. Some of the approaches focus only on software solutions [1–3, 5, 8, 28–31], while others rely on support from the hardware to enforce memory safety [6, 7, 25, 26, 35]. Many of the existing software solutions either fail to provide complete temporal and