Evaluating KASLR Break on RISC-V Using Gem5: Microarchitectural Side-Channel Analysis of Page-Table Walks

Mahreen Khan; Maria Mushtaq; Renaud Pacalet; Ludovic Apvrille

doi:10.1007/978-3-031-94855-8_15

Evaluating KASLR Break on RISC-V Using Gem5: Microarchitectural Side-Channel Analysis of Page-Table Walks

Institut Polytechnique de Paris

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

Résumé

This paper leverages the gem5 simulator to analyze a microarchitectural KASLR break on RISC-V systems. Previous research [2] demonstrated the feasibility of KASLR breaks on RISC-V hardware platforms (C906 and U74). Our paper aims to provide insights that are not easily attainable through traditional hardware experiments. By employing gem5, we gain access to fine-grained metrics such as cycle counts, cache behavior, branch prediction statistics, and TLB accesses, among others. These detailed insights give a deeper analysis of the KASLR bypass and help understand the attack mechanics better.

langue originale	Anglais
titre	Cybersecurity - 9th European Interdisciplinary Cybersecurity Conference, EICC 2025, Proceedings
rédacteurs en chef	Isabel Praça, Simona Bernardi, Pedro R.M. Inácio
Editeur	Springer Science and Business Media Deutschland GmbH
Pages	229-235
Nombre de pages	7
ISBN (imprimé)	9783031948541
Les DOIs	https://doi.org/10.1007/978-3-031-94855-8_15
état	Publié - 1 janv. 2025
Evénement	9th European Interdisciplinary Cybersecurity Conference, EICC 2025 - Rennes, France Durée: 18 juin 2025 → 19 juin 2025

Série de publications

Nom	Communications in Computer and Information Science
Volume	2500 CCIS
ISSN (imprimé)	1865-0929
ISSN (Electronique)	1865-0937

Une conférence

Une conférence	9th European Interdisciplinary Cybersecurity Conference, EICC 2025
Pays/Territoire	France
La ville	Rennes
période	18/06/25 → 19/06/25

Accès au document

10.1007/978-3-031-94855-8_15

Autres fichiers et liens

Lien vers la publication dans Scopus

Contient cette citation

Khan, M., Mushtaq, M., Pacalet, R., & Apvrille, L. (2025). Evaluating KASLR Break on RISC-V Using Gem5: Microarchitectural Side-Channel Analysis of Page-Table Walks. Dans I. Praça, S. Bernardi, & P. R. M. Inácio (eds.), Cybersecurity - 9th European Interdisciplinary Cybersecurity Conference, EICC 2025, Proceedings (p. 229-235). (Communications in Computer and Information Science; Vol 2500 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-94855-8_15

Khan, Mahreen ; Mushtaq, Maria ; Pacalet, Renaud et al. / Evaluating KASLR Break on RISC-V Using Gem5 : Microarchitectural Side-Channel Analysis of Page-Table Walks. Cybersecurity - 9th European Interdisciplinary Cybersecurity Conference, EICC 2025, Proceedings. Editeur / Isabel Praça ; Simona Bernardi ; Pedro R.M. Inácio. Springer Science and Business Media Deutschland GmbH, 2025. p. 229-235 (Communications in Computer and Information Science).

@inproceedings{9dd7cdc32d5845758809eb56b5372871,

title = "Evaluating KASLR Break on RISC-V Using Gem5: Microarchitectural Side-Channel Analysis of Page-Table Walks",

abstract = "This paper leverages the gem5 simulator to analyze a microarchitectural KASLR break on RISC-V systems. Previous research [2] demonstrated the feasibility of KASLR breaks on RISC-V hardware platforms (C906 and U74). Our paper aims to provide insights that are not easily attainable through traditional hardware experiments. By employing gem5, we gain access to fine-grained metrics such as cycle counts, cache behavior, branch prediction statistics, and TLB accesses, among others. These detailed insights give a deeper analysis of the KASLR bypass and help understand the attack mechanics better.",

keywords = "Cache Timing Analysis, Embedded Systems, Microarchitectural Security, Side-Channel Attacks, gem5 Simulator",

author = "Mahreen Khan and Maria Mushtaq and Renaud Pacalet and Ludovic Apvrille",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.; 9th European Interdisciplinary Cybersecurity Conference, EICC 2025 ; Conference date: 18-06-2025 Through 19-06-2025",

year = "2025",

month = jan,

day = "1",

doi = "10.1007/978-3-031-94855-8\_15",

language = "English",

isbn = "9783031948541",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "229--235",

editor = "Isabel Pra{\c c}a and Simona Bernardi and In{\'a}cio, \{Pedro R.M.\}",

booktitle = "Cybersecurity - 9th European Interdisciplinary Cybersecurity Conference, EICC 2025, Proceedings",

}

Khan, M, Mushtaq, M , Pacalet, R & Apvrille, L 2025, Evaluating KASLR Break on RISC-V Using Gem5: Microarchitectural Side-Channel Analysis of Page-Table Walks. Dans I Praça, S Bernardi & PRM Inácio (eds), Cybersecurity - 9th European Interdisciplinary Cybersecurity Conference, EICC 2025, Proceedings. Communications in Computer and Information Science, VOL. 2500 CCIS, Springer Science and Business Media Deutschland GmbH, p. 229-235, 9th European Interdisciplinary Cybersecurity Conference, EICC 2025, Rennes, France, 18/06/25. https://doi.org/10.1007/978-3-031-94855-8_15

Evaluating KASLR Break on RISC-V Using Gem5: Microarchitectural Side-Channel Analysis of Page-Table Walks. / Khan, Mahreen; Mushtaq, Maria ; Pacalet, Renaud et al.
Cybersecurity - 9th European Interdisciplinary Cybersecurity Conference, EICC 2025, Proceedings. Ed. / Isabel Praça; Simona Bernardi; Pedro R.M. Inácio. Springer Science and Business Media Deutschland GmbH, 2025. p. 229-235 (Communications in Computer and Information Science; Vol 2500 CCIS).

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

TY - GEN

T1 - Evaluating KASLR Break on RISC-V Using Gem5

T2 - 9th European Interdisciplinary Cybersecurity Conference, EICC 2025

AU - Khan, Mahreen

AU - Mushtaq, Maria

AU - Pacalet, Renaud

AU - Apvrille, Ludovic

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.

PY - 2025/1/1

Y1 - 2025/1/1

N2 - This paper leverages the gem5 simulator to analyze a microarchitectural KASLR break on RISC-V systems. Previous research [2] demonstrated the feasibility of KASLR breaks on RISC-V hardware platforms (C906 and U74). Our paper aims to provide insights that are not easily attainable through traditional hardware experiments. By employing gem5, we gain access to fine-grained metrics such as cycle counts, cache behavior, branch prediction statistics, and TLB accesses, among others. These detailed insights give a deeper analysis of the KASLR bypass and help understand the attack mechanics better.

AB - This paper leverages the gem5 simulator to analyze a microarchitectural KASLR break on RISC-V systems. Previous research [2] demonstrated the feasibility of KASLR breaks on RISC-V hardware platforms (C906 and U74). Our paper aims to provide insights that are not easily attainable through traditional hardware experiments. By employing gem5, we gain access to fine-grained metrics such as cycle counts, cache behavior, branch prediction statistics, and TLB accesses, among others. These detailed insights give a deeper analysis of the KASLR bypass and help understand the attack mechanics better.

KW - Cache Timing Analysis

KW - Embedded Systems

KW - Microarchitectural Security

KW - Side-Channel Attacks

KW - gem5 Simulator

UR - https://www.scopus.com/pages/publications/105009238357

U2 - 10.1007/978-3-031-94855-8_15

DO - 10.1007/978-3-031-94855-8_15

M3 - Conference contribution

AN - SCOPUS:105009238357

SN - 9783031948541

T3 - Communications in Computer and Information Science

SP - 229

EP - 235

BT - Cybersecurity - 9th European Interdisciplinary Cybersecurity Conference, EICC 2025, Proceedings

A2 - Praça, Isabel

A2 - Bernardi, Simona

A2 - Inácio, Pedro R.M.

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 18 June 2025 through 19 June 2025

ER -

Khan M, Mushtaq M , Pacalet R , Apvrille L. Evaluating KASLR Break on RISC-V Using Gem5: Microarchitectural Side-Channel Analysis of Page-Table Walks. Dans Praça I, Bernardi S, Inácio PRM, rédacteurs en chef, Cybersecurity - 9th European Interdisciplinary Cybersecurity Conference, EICC 2025, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. p. 229-235. (Communications in Computer and Information Science). doi: 10.1007/978-3-031-94855-8_15