On a Consistency Testing Model and Strategy for Revealing RISC Processor's Dark Instructions and Vulnerabilities

Document Type

Article

Publication Date

7-14-2021

Publication Title

IEEE Transactions on Computers

First page number:

1

Last page number:

12

Abstract

As reduced instruction set computing (RISC) processors are widely used nowadays, to meet the requirement that no secret instructions be included in the processor ISA or implemented in the processor micro-architecture, a consistency testing approach capable of revealing any possible dark instructions (i.e., executable instructions without clear definitions) in RISC processors has been proposed; it comes in three phases. During the generation phase, all the undefined instructions are generated based on the instruction set encoding rules. Even with a smaller test space, this step guarantees the test coverage needed to reveal all possible dark instructions that exist. In the next phase, all the undefined instructions obtained from the previous phase are executed on the processor under test, following some persistence strategies; any instruction exhibiting a usual execution result is deemed suspicious and recorded as such. During the last phase, analysis, each of the recorded suspicious instructions is checked and analyzed to decide whether it truly constitutes a dark instruction. We have applied the proposed testing model and strategy to several RISC processors and found that all of them have a few previously unknown dark instructions. The potential vulnerabilities introduced by these dark instructions have thus been evaluated and exposed.

Keywords

Computer architecture; Consistency testing; Dark instruction; Encoding; Reduced instruction set computing; Registers; RISC processor; Security; Testing; Tools; Vulnerability

Disciplines

Computer and Systems Architecture | Computer Engineering | Engineering

Language

English
