Instructors: Don A. Bailey
Dates: May 30-June 2 2022
Location: Hilton Double Tree
Capacity: 20 Seats
This training is designed to give students the knowledge and skills required to analyze, identify, target, and exploit flaws in both RISC-V processors and the applications and kernels written for the architecture. The session covers RISC-V application-level exploitation as well as processor exploitation, providing students with insights into architectural design choices that make RISC-V more resilient to side channel attacks, “trustzone” escapes, and privilege “ring” escalation attacks.
Students will complete the class with a full understanding of the RISC-V architecture and its variants, how to identify and analyze a RISC-V processor, and how to target and exploit an application or kernel running on a RISC-V CPU. Students will learn how the architecture's formal definition differs from implementations of the processor specification, and how to target subtleties in the specification that grant implementors the flexibility to introduce potential architecture flaws that can be exploited to cross privilege boundaries or to leak or exfiltrate privileged data.
Variations of RISC-V technology will be discussed, such as the “unhackable” Morpheus microarchitecture, production variants such as SiFive's product line, and security-focused chips such as HexFive and LowRISC.
Anyone interested in CPU security, exploit development for new architectures, and exploit development for CPUs in general.
RISC-V is exploding in popularity as the next generation computing architecture for both embedded systems and high performance computing. Understanding RISC-V today means being prepared to protect and compromise the computing landscape of tomorrow. Join the forefront of computing by learning the architecture that is redefining how we think about processor security.
Prerequisites:
- Basic assembly knowledge with any RISC architecture CPU
- Basic low-level programming (C, assembly)
- Basic Python
- Familiarity with the Linux command line and its common tools
System requirements:
- A working computer
- Virtual machine(s) running Linux
- The ability for your Linux system to run virtual machines (QEMU)
- Python installed (2 and 3)
- Basic development toolchain installed: gcc/llvm, gdb, vim, make/automake/autoconf, OpenOCD, telnet/nc
Don A. Bailey is a well-known cyber security professional who has been on the bleeding edge of security research for 20 years. In his storied career, he has been lucky enough to have several key industry firsts: the first car hack, the first global cellular hack, the first GPS hack, the largest compression algorithm hack, the first Apple hardware IoT security model hack, and the first RISC-V 0day. Regarding RISC-V security, Don got into the architecture early, joining the RISC-V organization in 2016. Don’s research uncovered the first privilege model exploit, which he demonstrated at HITB 2017. Don currently works to integrate security into RISC-V as the chair of the Security Response Team, which is releasing strategies for RISC-V security in 2022. Mr. Bailey resides in Michigan with his son, Pierce, and his dog, Arthur.