Challenges of Return-Oriented-Programming on the Xtensa Hardware Architecture
This work identifies security vulnerabilities in the Xtensa architecture. The contribution is incremental, as it applies known ROP techniques to a specific hardware domain.
The paper demonstrates that the Xtensa hardware architecture is vulnerable to Return-Oriented-Programming (ROP) attacks, presenting techniques for both supported ABIs, including a powerful mechanism for the windowed ABI that enables gadget chaining and register manipulation without relying on specific gadgets.
This paper shows how the Xtensa architecture can be attacked with Return-Oriented-Programming (ROP). The presented techniques include possibilities for both supported Application Binary Interfaces (ABIs). For the windowed ABI in particular, a powerful mechanism is presented that allows not only jumping to gadgets but also manipulating registers without relying on specific gadgets. This paper focuses purely on how the properties of the architecture itself can be exploited to chain gadgets, and not on specific attacks or a gadget catalog.