Ensuring Security In The New Golden Age Of Computer Architecture

Ted Speers

2275
 

In this age of constantly innovating and improving computer security, the RISC-V community leaves no stone unturned in the field of security innovation. The community provides a simple platform to minimise attack surfaces and empower developers to find appropriate solutions against rapidly growing malicious programs such as Meltdown and Spectre.

RISC-V is the centre of gravity for processor security and an open-source instruction set architecture that is advancing in domain-specific architectures.

Elements of Computer Architecture

According to computer experts David Patterson and John Hennessy, four elements of the ‘New Golden Age of Computer Architecture’ were stated at the 45th International Symposium. They are:

  • Domain-specific hardware/software co-design
  • Open instruction sets
  • Agile chip design 
  • Enhanced security

The benefits of RISC-V are observed across multiple dimensions that enhance the ability to compete in the market. This includes freedom to innovate, cost-effective solutions and the control of the processor. It provides a plethora of opportunities that primarily focus on advancing the processor security and open doors to the best in class security experts to collaborate and solve problems pertaining to computer security.

FPGA Security Paved The Way For RISC -V

Working on FPGA security gave a fresh pair of eyes to the hardware security threats and challenges that the industries battled with. Delving deep into FPGA security in 2008 and with constant effort, an FPGA with an integrated processor subsystem was launched in 2012.

The primary focus was to build secure applications for customers, which was designed using a multi-layered approach that existed decades ago. Hardware security was the bottom-most layer that enabled other layers for different purposes such as design security or IP protection. This would in turn allow the customer to build an application layer. This process was exposed to various threats. One such threat pertained to side-channel attacks such as Differential Power Analysis (DPA) that allowed keys to be easily extracted. The FPGA was the only provider to deploy DPA (Differential Power Analysis) countermeasures offered by CRI (now Rambus).

The foundational hardware layers approach was non-sustainable as the side channels threats especially the micro-architectural side channels, through which a processor implementation feature is masked from the programmer, could be exploited to leak information and the vulnerabilities threat called for an immediate need to re-design the hardware foundation of the computer architecture. The incumbent instruction set architectures (ISAs) responded to the growing demand for secure computing with what amounted to inelegant patches to a fragile system.

The Rise Of RISC-V

Since the need of the hour was to secure the foundational hardware layer of the application, RISC-V came to the rescue. RISC-V thrives on security solutions, as showcased in workshops by LowRISC, the Shakti Processor Program and the RISC–V Summit (December 2018). The Shakti Processor Program, funded by the Government of India, presented an opportunity for countries to employ RISC-V whereas LowRISC emphasised on opensource hardware movement.

RISC–V On Its Way To Becoming The Center of Gravity

Along with its robust security solutions, RISC–V has way more to offer. Various industries are collaborating and investing in this technology. For instance, DARPA is investing in RISC-V and security and chose it as the evaluation platform for its System Security Integrated Through Hardware (SSITH) program. More than 30 members of the RISC-V Foundation either have security-based RISC-V offerings or are contributing to the security working groups.

The RISC-V Foundation has two technical working groups: Crypto and Trusted Execution Environment that are creating RISC-V ISA extensions. The foundation has created a Security Standing Committee that identifies and coordinates multi-faceted security activities. This includes promoting RISC-V as the ideal security vehicle and developing a consensus around best security practices for the Internet of Things (IoT) and embedded devices.

In one of the speaker programs conducted by the Foundation Security Standing Committee, Gernot Heiser and his colleagues from Data61 provided a framework on the emergence of RISC-V based computer security transformation. They proposed an abstraction called the “augmented” Instruction Set Architecture (aISA) that extends the contract between hardware and software beyond the traditional ISA

Furthermore, the aISA includes a mechanism that allows an Application Binary Interface (ABI) to exert more control over the micro-architectural state of the processor system. Take, for example, the flushing of caches or the operation of branch-prediction logic to provide security assurances with respect to threats such as cache timing channels.

Once the aISA is defined and implemented, RISC-V SecurityStack is created. This stack starts with the hardware-the base ISA and extends to a layer that implements the aISA. Above this is a secure microkernel that can implement countermeasures to micro-architectural side-channel attacks.

The RISC-V is evolving rapidly in securing applications by rebuilding the foundations of computer security. Microchip has played an innate role in taking the progress up a notch by collaborating with the RISC-V foundation.


Ted Speers is a Technical Fellow at Microchip Technology Inc., where he is responsible for defining the roadmap for low power, secure, reliable FPGAs and SoC FPGAs. He joined Microsemi, now Microchip, in 1987 and held roles in process engineering and product engineering before assuming his current role in 2003. Ted is a co-inventor on 35 U.S. patents. Prior to joining Microsemi, he worked at LSI Logic. He has a Bachelor of Science in chemical engineering from Cornell University. Ted has been a member of the RISC-V Foundation Board of Directors since its inception in 2016.

SHARE YOUR THOUGHTS & COMMENTS

Please enter your comment!
Please enter your name here