Instructor: Don A. Bailey
Dates: June 5 to 8 2023
Capacity: 20 Seats
This Recon training program has been redesigned to suit Recon students looking for tactical exploit development skills when targeting RISC-V platforms. This training previously focused on the RISC-V architecture, CPU architecture security, and exploiting CPU design flaws. However, due to popular demand, this training has been augmented with guided laboratory examples for the exploitation of both CPU design flaws and software vulnerabilities at the firmware, kernel, and userland layers.
Students will walk away with two key knowledge-bases:
- Exploiting CPU architecture design and implementation flaws
- Writing specific exploits for the RISC-V architecture
In focusing on CPU architecture security, students will learn:
- How to quickly identify potential security flaws in CPU architectures with real-world examples
- How to identify potential CPU implementation security flaws with real-world examples
- Threat modeling for CPU architectures with practical and cost-effective exploitation
In focusing on RISC-V exploit development, students will learn:
- RISC-V architecture security models and weaknesses
- Firmware exploitation labs with examples, with a focus on OpenSBI
- Kernel exploitation labs with examples, with a focus on Linux and FreeBSD for RISC-V
- Software (userland) exploitation labs with examples, with a focus on Linux and FreeBSD
At the end of the week, students should be able to apply the techniques in CPU architecture security analysis to both RISC-V and other popular RISC-based platforms, such as ARM, Intel, MIPS, and more.
Students should also be able to develop their own exploit patterns for RISC-V and quickly tune them to arbitrary targets with minimal alterations. The lecturer will demonstrate, with examples, why exploit development patterns for RISC architectures are not unique to a single RISC architecture, and why the techniques, threat models, and patterns discussed in this lesson plan will be portable to almost any CPU architecture.
Don A. Bailey is a well-known cyber security professional who has been on the bleeding edge of security research for 20 years. In his storied career, he has been lucky enough to have several key industry firsts: the first car hack, the first global cellular hack, the first GPS hack, the largest compression algorithm hack, the first Apple hardware IoT security model hack, and the first RISC-V 0day. Regarding RISC-V security, Don got in early to the architecture, joining the RISC-V organization in 2016. Don’s research uncovered the first privilege model exploit, which he demonstrated at HITB 2017. Don currently works to integrate security into RISC-V as the chair of the Security Response Team, which is releasing strategies for RISC-V security in 2022. Mr. Bailey resides in Michigan with his son, Pierce, and his dog Arthur.