Replicating and Mitigating Spectre Attacks on a Open Source RISC-V Microarchitecture

Recent revelations of new side-channel vulnerabilities in modern processors has made hardware security a first-order concern in processor design. We demonstrate how the Berkeley Out-of-Order Machine (BOOM), a generic open-source out-of-order RISC-V processor, is useful for studying the performance and security implications of microarchitectural mitigations for side-channel attacks. Two results are presented. First we replicate several basic variants of Spectre attacks which exploit the effects of speculative execution in the L1 data cache. We then implement a preliminary hardware mitigation for such attacks, demonstrate its effectiveness, and measure its impact on performance, and area. Compared to the baseline processor, our mitigation displays a 2% IPC improvement, a 2.5% area increase, and a 0.36% clock reduction in a 45nm process. To our knowledge, our work is the first available demonstration on an open-source RISC-V processor of speculative side-channel attacks and a potential hardware mitigation. Our methodology demonstrates the value of the open-source RISC-V hardware ecosystem for secure hardware research.