Practicals & Theses

List of practicals and theses at the Embedded Computing Systems Group (E191/2)

Details for Implementation of a Control Flow Integrity scheme on a 32-bit RISC-V CPU

Modern software exploitation techniques based on code reuse include return-oriented programming (ROP), in which return instructions are manipulated by user-supplied data so that execution leaves its intended flow.

Control Flow Integrity (CFI) tries to defend against such attacks by allowing only a very limited, predefined number of call locations and by ensuring that returns follow the same path back. CFI can be implemented in software, but this incurs rather large performance overheads, depending on the strictness of the scheme used. Hardware-supported CFI can reduce the performance penalty and has been implemented successfully in the past.

Your task in this project is to extend an existing 32-bit open-source RISC-V core named RI5CY, from ETH Zürich and the University of Bologna, to support CFI. To that end, not only does the pipeline of the CPU have to be refined (additional instructions as well as memories to store the encoded Control Flow Graph (CFG)), but the (GCC-based) toolchain and libraries also need to be modified to support the scheme.

Selected practical parts of the project as described above may also be an applicable topic for PR "Praktikum Technische Informatik" (6 ECTS, 535) or PR "Projektarbeit in Technischer Informatik" (6 ECTS, 938). Likewise, the project could be split into a hardware-centered and a software-centered part that are treated in two distinct bachelor theses. However, the preferred setup for this work is a diploma thesis (Diplomarbeit) that covers all parts.

If you are interested, you might want to look into the following papers for an overview of the topic.

For any questions, please contact Stefan Tauner.

Required Skills

Good knowledge of computer architecture (e.g., pipelining) and hardware design, as well as a good understanding of C, is mandatory. Experience with (System)Verilog, Xilinx Vivado, and system programming in C/C++ (in order of usefulness) is advantageous but not required.


Dipl.-Ing. Dr.techn. Andreas STEININGER

Univ.Ass. Dipl.-Ing. Stefan TAUNER (main responsibility)


Praktikum, Diplomarbeit