RISC-V Security Training

$4,299.00

Duration

4 days

Delivery Method

in-person

Level

intermediate

Seats Available

20

Duration

4 days

Delivery Method

in-person

Level

intermediate

REGISTRATION CLOSED

DATE: 9-12 May 2022

TIME: 09:00 – 12:00 & 14:00 – 17:00 CEST/GMT+2

Date Day Time Duration
09 May Monday 09:00 – 12:00 & 14:00 – 17:00 CEST/GMT+2 6 Hours
10 May Tuesday 09:00 – 12:00 & 14:00 – 17:00 CEST/GMT+2 6 Hours
11 May Wednesday 09:00 – 12:00 & 14:00 – 17:00 CEST/GMT+2 6 Hours
12 May Thursday 09:00 – 12:00 & 14:00 – 17:00 CEST/GMT+2 6 Hours

 


This training is designed to give students the knowledge and skills required to analyze, identify, target, and exploit flaws in both RISC-V processors, and applications and kernels written for the architecture. Not only will RISC-V application level exploitation be a focus of the training session, processor exploitation will also be a focus, providing students with insights into architectural design choices that make RISC-V more resilient to side channel attacks, “trustzone” escapes, and privilege “ring” escalation attacks.

Students will complete the class with a full understanding of the RISC-V architecture and its variants, how to identify/analyze a RISC-V processor, and how to target and exploit an application or kernel running on a RISC-V CPU. Students will learn how the architecture’s formal definition differs from implementations of the processor specification, and will learn how to target subtleties in the specification that grant implementors the flexibility to introduce potential architecture flaws that can be exploited in order to cross privilege boundaries or leak/exfil privileged data.

Variations of RISC-V technology will be discussed, such as the “unhackable” Morpheus microarchitecture, production variants such as SiFive’s product line, and security focused chips such as HexFive and LowRISC.

 

Topics covered:
  • RISC-V Architecture
  • RISC-V Privilege models and extensions
  • RISC-V peripherals and bus model
  • RISC-V debugging and testing
  • Application development environment
  • Toolchains, soft debugging
  • Kernel and application privilege layers
  • Exploiting kernels
  • Exploiting applications
  • Tagged memory
  • Side channel attacks
  • Software protections in RISC-V

Agenda

  • Topics covered:

    ● RISC-V Architecture ● RISC-V Privilege models and extensions ● RISC-V peripherals and bus model ● RISC-V debugging and testing ● Application development environment ● Toolchains, soft debugging ● Kernel and application privilege layers ● Exploiting kernels ● Exploiting applications ● Tagged memory ● Side channel attacks ● Software protections in RISC-V

Why You Should Take This Course

RISC-V is exploding in popularity as the next generation computing architecture for both embedded systems and high performance computing. Understanding RISC-V today means being prepared to protect and compromise the computing landscape of tomorrow. Join the forefront of computing by learning the architecture that is redefining how we think about processor security.

Who Should Attend

Anyone interested in CPU security, exploit development for new architectures, and exploit development for CPUs in general.

Key Learning Objectives

  • What does security mean in RISC-V

  • How does RISC-V differ from other architectures (generally and from a security perspective)

  • How do we attack RISC-V processors and applications on them

  • How do we defend a RISC-V platform

  • What is the future of the CPU attack surface?
  • Prerequisite Knowledge

    • Basic assembly knowledge with any RISC architecture CPU
    • Basic low-level programming (C, assembly)
    • Basic Python
    • Familiarity with the Linux command line and its common tools

    Hardware / Software Requirements

    • A working computer
    • Virtual machine(s) running Linux
    • The ability for your Linux system to run virtual machines (QEMU)
    • Python installed (2 and 3)
    • Basic development toolchain installed: gcc/llvm, gdb, vim, make/automake/autoconf, OpenOCD, telnet/nc

    Your Instructor

    Don A. Bailey is a well known cyber security professional that has been on the bleeding edge of security research for 20 years. In his storied career, he has been lucky enough to have several key industry firsts: the first car hack, the first global cellular hack, the first GPS hack, the largest compression algorithm hack, the first Apple hardware IoT security model hack, and the first RISC-V 0day. Regarding RISC-V security, Don got in early to the architecture, joining the RISC-V organization in 2016. Don’s research uncovered the first privilege model exploit, which he demonstrated at HITB 2017. Don currently works to integrate security into RISC-V as the chair of the Security Response Team, which is releasing strategies for RISC-V security in 2022. Mr Bailey resides in Michigan with his son, Pierce, and his dog Arthur.