Results

We specify an extension to the RISC-V ISA in order to protect against timing attacks.

First, we introduce an instruction sctm to switch between constant-time mode and normal mode. In constant-time mode, instructions will execute in a time independent of the values of their operands. In normal mode, instructions will execute as fast as they can.

Then, the most important extension is related to the memory cache. We offer the possibility for a process to lock some data in the cache, and to unlock them. While locked, data cannot be evicted from the cache, and all accesses to this data are necessarily cache hits, and therefore do not leak the address of the data being accessed.

We propose :

  • a precise specification of the cache locking mechanism
  • a software simulator of a RISC-V ISA augmented with this locking mechanism
  • a hardware implementation based on the CV32E40P processor, with a L1 data cache

Comments are closed.