SecWalk: Protecting Page Table Walks Against Fault Attacks

The correct execution of a memory load and store is essential for the flawless execution of a program. However, as soon as devices are deployed in hostile environments, fault attacks can manipulate memory operations and subsequently alter the execution of a program. While memory accesses for simple processors with direct memory access can efficiently be protected against fault attacks, larger processors with virtual addressing lack this protection. However, the number of systems with larger application-class processors is growing, leaving many applications unprotected. It requires new countermeasures to efficiently protect memory accesses of processors with virtual memory against fault attacks. In this work, we present SecWalk, a design to efficiently protect all memory accesses of a program in the virtual and physical memory domain against fault attacks. We enhance residual-based pointer protection with a hardware-based secure page table walk inside the memory management unit. The page table walk securely translates a protected virtual address to a protected physical address by exploiting the redundancy properties of encoded addresses and a linking mechanism in the memory management unit. Furthermore, we extend the protection domain for virtual addresses to the TLB to also protect fast translations. To evaluate the overhead, we integrate SecWalk to an FPGA-based open-source RISC-V core, where SecWalk extends the area of the design by 10 %. The software evaluation on a set of microbenchmarks shows an average code overhad of 11.05 % and runtime overhead of 7.17 %. To show the applicability on real-life applications, we port the microkernel seL4 to SecWalk, which yields a code overhead of 13.1 % and a runtime overhead of 11.6 %. The evaluation shows the overhead is small considering that SecWalk automatically protects all memory accesses of arbitrary applications against faults.