In this lecture, Mr. Bailey will present the security attributes of an exciting new processing architecture, RISC-V. Pronounced “Risk Five”, this architecture offers exceptional opportunities for a new generation of computing platforms by providing a fully open source Instruction Set Architecture (ISA) to the professional community. This move substantially decreases the cost of building new processing units by removing the price boundary often seen in common computing architectures.
RISC-V is designed to be 32, 64, and 128-bit ready, allowing the architecture to be capable of spawning computing platforms from micro-controllers similar to the cortex-m0+ all the way to competitive next-generation mainframe architectures. RISC-V incorporates a layered privilege model by design that offers the potential to secure even small embedded platforms in novel ways.
This talk is not just another “how to hack apps on architecture X” talk. While Mr. Bailey will present attacks against the RV32G ABI and the RV32C ABI, and will demonstrate exploitation capabilities with code examples, there is far more to discuss in the context of RISC-V’s security model.
Don will illuminate the base RISC-V privilege model as defined in the specifications, and how various implementations, including the SiFive FE310G, handle privilege. He will continue by describing how other implementations either do (or intend to) augment operating system security by providing capabilities such as tagged memory.
Bailey will wrap up the security portion of the discussion by describing features of the architecture that may be susceptible to manipulation through common faults observed in errata. He will compare issues in other common RISC architectures to those that are likely to be observed in RISC-V. He will then discuss the impact of defining an architecture across multiple native bit-lengths, and the security problems that are likely to arise once 128-bit processors are available to general computing.
Mr. Bailey will close the discussion with a commentary on the history of computing architectures, their benefits, their weaknesses, and where RISC-V implementations need to go in order to improve security in general computing, and especially the Internet of Things ecosystem.
