On-chip communication protocols like ARM AXI, RISC-V TileLink, and Wishbone govern communications between processors, memories, I/O, and accelerators. These protocols were developed to maximize performance. Their focus on performance leaves the protocols vulnerable to security risks as many implementations either do not follow the standard or the standard leaves important vulnerabilities underspecified. This is dangerous as it opens the door to exploits that can snoop on on-chip communication or lead to denial of service attacks.
eXpect was developed to systematically analyze AXI implementations for functional and security violations. Testing it on seven implementations, including AMD Xilinx and RISC-V PULP, revealed 135 violations, with 10 leading to seven significant exploits. These exploits demonstrated risks like using stale data and bypassing memory operations, which went undetected by AMD Xilinx’s protocol checkers in most cases.
eXpect was a collaboration started during Ryan’s Zurich sabbatical in 2022. The research was lead by Melisande Zonta-Roudes in Prof. Shweta Shinde‘s ETH Zurich research group. KRG members Francesco Restuccia played a key role in developing the initial ideas and Andy Meza helped with the implementation and testing.
eXpect was nominated for the Best Paper Award at the IEEE/ACM International Conference on Computer-Aided Design (ICCAD) 2024. Congrats to all the authors!