Innovative fuzzer Cascade discovered 37 vulnerabilities in the RISC-V architecture

Researchers from ETH Zurich left hackers no chance.

Researchers at the Swiss Federal Institute of Technology, ETH Zurich, have developed a new fuzzer for finding bugs in RISC-V processors and, using it, uncovered more than three dozen flaws.

Fuzzing is a technique in which randomly generated inputs are fed to software or hardware to observe how it responds. It is widely used to find bugs in code and design flaws in devices. Existing fuzzing tools for processors, however, have significant limitations.

ETH Zurich doctoral students Flavien Solt and Katharina Ceesay-Seitz, together with Assistant Professor Kaveh Razavi, named their project "Cascade". What sets Cascade apart from other tools is a technique called asymmetric ISA pre-simulation.

The basic idea is to use an ISA simulator to construct test programs whose control flow and data flow are intertwined in such a way that the program always terminates correctly on a correctly functioning processor; if the hardware computes a wrong value, execution is derailed, and that deviation is what exposes the bug.
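To make the idea concrete, here is an added toy illustration (not Cascade's code, and the four-register ISA, the constructed XOR bug and the trap target are assumptions of this example): a reference interpreter pre-simulates each block of random instructions, and the known register value is then baked into a branch that is never taken on a correct core, so a correct core always halts while a faulty one lands in the trap.

```python
import random

TRAP = -1  # branch target that means "execution diverged from the reference"


def execute(program, buggy=False, max_steps=1000):
    """Interpret a toy program. Returns ("halt"|"trap"|"timeout", regs)."""
    regs = [0] * 4
    pc = 0
    for _ in range(max_steps):
        if pc == TRAP:
            return "trap", regs
        op = program[pc]
        if op[0] == "halt":
            return "halt", regs
        if op[0] == "addi":          # addi rd, rs, imm  (16-bit registers)
            _, rd, rs, imm = op
            regs[rd] = (regs[rs] + imm) & 0xFFFF
        elif op[0] == "xor":         # xor rd, rs1, rs2
            _, rd, a, b = op
            v = regs[a] ^ regs[b]
            regs[rd] = (v & 0xFF) if buggy else v  # constructed bug: drops the high byte
        elif op[0] == "bne":         # bne rs, imm, target: branch if regs[rs] != imm
            _, rs, imm, target = op
            if regs[rs] != imm:
                pc = target
                continue
        pc += 1
    return "timeout", regs


def build_program(seed, blocks=6, ops_per_block=4):
    """Generate random blocks; after each, pre-simulate on the reference model and
    emit a branch whose data-dependent condition is only false on a correct core."""
    rng = random.Random(seed)
    program = []
    for _ in range(blocks):
        for _ in range(ops_per_block):
            if rng.random() < 0.5:
                program.append(("addi", rng.randrange(4), rng.randrange(4), rng.randrange(1, 1000)))
            else:
                program.append(("xor", rng.randrange(4), rng.randrange(4), rng.randrange(4)))
        _, regs = execute(program + [("halt",)])   # asymmetric pre-simulation step
        r = rng.randrange(4)
        program.append(("bne", r, regs[r], TRAP))    # never taken on the reference
    program.append(("halt",))
    return program


def fuzz(seed, buggy):
    """Outcome of one generated program on a correct (False) or faulty (True) core."""
    return execute(build_program(seed), buggy=buggy)[0]
```

On a correct core every generated program halts; on the faulty core some seeds reach the trap, which is the divergence signal the fuzzer looks for.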

Applied to six current RISC-V processors, Cascade found 37 new bugs in five of the six designs. The bugs can lead to information leaks, denial of service and other consequences.

The ETH Zurich researchers state that, compared to other tools such as TheHuzz and DifuzzRTL, Cascade achieves similar coverage 28-97 times faster.

Razavi noted that RISC-V works well with Cascade because of its simplicity: "RISC-V is a simple architecture, and this simplicity has allowed us to create a tool that covers most of the features provided by the ISA."

Finally, Razavi added, "Building something like Cascade for a more complex architecture like x86 will require much more engineering effort. But I think it's worth a shot."