A RISC-V Processor Designed For Security

A microprocessor is as secure as its weakest module. Depending on the application, the weakest module may be present in the hardware, micro-architecture, or a vulnerability in the software. For instance in a web-server, the biggest threats occur due to software vulnerabilities and due to information leakage in shared micro-architecture components. On the other hand, in an end-point IoT device, invasive and non-invasive hardware attacks such as Differential Power Analysis (DPA), are arguably the biggest threats. In this paper we highlight some aspects of the development of a secure processor called Shakti-S. The processor is configurable and can cater to vulnerabilities in multiple layers. To protect against memory vulnerabilities that are common in applications, hardware enabled memory protection schemes are implemented. Fine-grained compartment capabilities permit the secure least-privilege software design methodology. In the micro-architecture, shared modules like cache memories are protected by moving target randomization mechanisms which can prevent most variants of cache timing attacks. In the hard-ware, critical information is masked to break correlation with the device’s power consumption, thus hardening the processor against strong side-channel attacks like the Differential Power Analysis.