





ALMA MATER STUDIORUM Università di Bologna



# ISA Support for Hardware Resource Partitioning in RISC-V

Nils Wistoff<sup>1</sup>, Robert Balas<sup>1</sup>, Alessandro Ottaviano<sup>1</sup>, Gernot Heiser<sup>2</sup>, Luca Benini<sup>1,3</sup>

<sup>1</sup>ETH Zürich, <sup>2</sup>UNSW Sydney, <sup>3</sup>University of Bologna

e-mail: nwistoff@iis.ee.ethz.ch

## 1. Problem: Timing Interference

[Figure: Application A (Trojan, holding secret s) and Application B (Spy) run above the supervisor (OS) and the hardware. The Trojan indirectly modifies microarchitectural state depending on the secret; the Spy measures its execution time across the security boundary.]

General concept:

- Applications **compete** for shared hardware resources.
- Timing channels leverage timing interference to transfer information, bypassing security boundaries.
- Interference can cause deadline misses in mixed-criticality systems.

### Timing channel example:

- Trojan: utilise the cache depending on the secret.
- Spy: measure execution time.
- The Spy's measured execution time depends on the Trojan's cache utilisation, which depends on the secret.

## 2. Solution: Temporal & Spatial Partitioning

**No inter-block accesses:** Do not return hits from a capacity unit allocated to another domain.

**System-level ubiquity:** *All* HW components comprise one or more flushable capacity units.

[Figure label: prevent interference through any component.]

**Time padding:** Mechanism(s) to enforce constant context-switch latency.

[Figure label: prevent interference through *context-switch* latency.]

## 3. Extending CBQRI

## 4. Example: CPU

## 5. Example: Last-Level Cache

[Figure: last-level cache capacity units shown as free or allocated, with a flush operation.]

## 6. Conclusions & Future Work

### Conclusion:

- We propose a minimal ISA extension for interference-free HW resource partitioning.
- Preliminary results suggest low hardware costs and a minimal performance overhead.

### Future work:

- Extend the evaluation to **further system components** (e.g. AXI [4], LLC, DRAM controller).
- Create consistent **semantics** and a **specification**.

### References

- [1] RISC-V CBQRI Task Group. "RISC-V Capacity and Bandwidth QoS Register Interface Version 1.0-rc3". 2024. URL: https://github.com/riscv-non-isa/riscv-cbqri/releases/download/v1.0-rc3/riscv-cbqri.pdf
- [2] Qian Ge, Yuval Yarom, and Gernot Heiser. "No Security Without Time Protection: We Need a New Hardware-Software Contract". In: APSys'18. ACM, 2018, 1:1–1:9. DOI: 10.1145/3265723.3265724.
- [3] Nils Wistoff, Moritz Schneider, Frank K. Gürkaynak, Gernot Heiser, and Luca Benini. "Systematic Prevention of On-Core Timing Channels by Full Temporal Partitioning". In: IEEE Trans. Comput. 72.5 (2023), pp. 1420–1430. DOI: 10.1109/TC.2022.3212636.
- [4] Thomas Benz, Alessandro Ottaviano, Robert Balas, Angelo Garofalo, Francesco Restuccia, Alessandro Biondi, and Luca Benini. "AXI-REALM: A Lightweight and Modular Interconnect Extension for Traffic Regulation and Monitoring of Heterogeneous Real-Time SoCs". In: DATE'24. IEEE, 2024. DOI: 10.3929/ethz-b-000642320.
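As an added example (not the poster's or the authors' code), the following Python model makes the Section 2 rules "no inter-block accesses" and "flushable capacity units" concrete: a shared component is a set of capacity units, each allocated to one domain, and the Spy's hit count on its own working set becomes independent of the Trojan's secret once hits are only served from units allocated to the requesting domain and units are flushed on re-allocation. Domain names, the unit count, and the access patterns are constructed for the demonstration.

```python
from dataclasses import dataclass

@dataclass
class Unit:
    owner: str           # domain this flushable capacity unit is allocated to
    tag: str = None      # resident line (think: one cache way), None when empty
    last_use: int = -1   # timestamp for LRU replacement

class Component:
    def __init__(self, n_units: int, partitioned: bool):
        self.partitioned = partitioned
        self.units = [Unit(owner="any") for _ in range(n_units)]
        self.clock = 0

    def allocate(self, idx: int, domain: str) -> None:
        """Hand unit `idx` to `domain`; re-allocating a unit flushes it."""
        u = self.units[idx]
        if u.owner != domain:
            u.tag, u.last_use = None, -1  # flush: no stale state crosses domains
            u.owner = domain

    def _usable(self, domain: str) -> list:
        # No inter-block accesses: with partitioning on, a domain only ever
        # sees (and fills) the units allocated to it.
        return [u for u in self.units if not self.partitioned or u.owner == domain]

    def access(self, domain: str, tag: str) -> bool:
        """Look up `tag` for `domain`: True on a hit, LRU fill on a miss."""
        self.clock += 1
        usable = self._usable(domain)
        for u in usable:
            if u.tag == tag:
                u.last_use = self.clock
                return True
        victim = min(usable, key=lambda u: u.last_use)
        victim.tag, victim.last_use = tag, self.clock
        return False

def spy_observation(partitioned: bool, secret: int) -> int:
    """Spy's hit count on its working set after the Trojan ran with `secret`."""
    c = Component(n_units=4, partitioned=partitioned)
    for i in range(4):                # supervisor allocates two units per domain
        c.allocate(i, "spy" if i < 2 else "trojan")
    for t in ("s0", "s1"):            # Spy warms up its two lines
        c.access("spy", t)
    if secret:                        # Trojan fills the component iff secret == 1
        for t in ("t0", "t1", "t2", "t3"):
            c.access("trojan", t)
    return sum(c.access("spy", t) for t in ("s0", "s1"))
```

Without partitioning the Spy sees 2 hits for secret 0 and 0 hits for secret 1; with partitioning it sees 2 hits in both cases, so the observable no longer carries the secret.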