Omotosho, Adebayo ORCID: https://orcid.org/0000-0002-1642-7610 and Hammer, Christian ORCID: https://orcid.org/0000-0001-5955-3732 (2025) CRAX: Code reuse attacks on Xtensa’s register window ABI. Microprocessors and Microsystems, 117. p. 105188. doi:10.1016/j.micpro.2025.105188
Text: 15268 Omotosho, A and Hammer C (2025) CRAX - Code reuse attacks on Xtensa’s register window ABI.pdf - Accepted Version. Restricted to Repository staff only until 11 August 2026 (Publisher Embargo). Available under License Creative Commons Attribution Non-commercial No Derivatives 4.0.
Abstract
Code reuse attacks exploit existing code in applications to hijack control flow and cause security breaches. However, reusing code on architectures with a register window or windowed register application binary interface (Winreg ABI), as known on Xtensa, poses significant challenges due to their unique architectural behavior. Winreg ABI aims to enhance register performance by reducing stack operations during procedure calls in reduced instruction set computer architectures. Rudimentary investigations have explored Winreg ABI exception handlers as potential sources of vulnerability in register window operations. Despite these efforts, the approach has been limited, even in synthetic examples, as it cannot technically reuse code beyond changing register values. In this paper, we present a novel approach to producing gadget-based code reuse attacks on Xtensa cores utilizing Winreg ABI, as found in embedded systems like ESP32 and ESP8266. At the same time, we showcase that established methods to detect such attacks, such as leveraging hardware performance counters, can also detect such attack schemes. Finally, we identify an additional potential loophole in the Winreg ABI. Our evaluation results using a number of benchmark applications demonstrate that successful attacks exhibit a consistent pattern that can be accurately detected.
| Item Type: | Article |
|---|---|
| Article Type: | Article |
| Uncontrolled Keywords: | Register window; Microprocessor; Embedded systems; Xtensa; Code reuse attack; Machine learning |
| Subjects: | H Social Sciences > HD Industries. Land use. Labor > HD28 Management. Industrial Management > HD61 Risk in industry. Risk management; Q Science > QA Mathematics > QA75 Electronic computers. Computer science; Q Science > QA Mathematics > QA76 Computer software |
| Divisions: | Schools and Research Institutes > School of Business, Computing and Social Sciences |
| Depositing User: | Kamila Niekoraniec |
| Date Deposited: | 25 Sep 2025 10:30 |
| Last Modified: | 12 Oct 2025 09:45 |
| URI: | https://eprints.glos.ac.uk/id/eprint/15268 |