RISC-V架构的轻量化内存保护单元

葛红舞; 徐春晓; 左浩然; 龚子锐

doi:10.20193/j.ices2097-4191.2024.04.011

PDF(884 KB)

集成电路与嵌入式系统 ›› 2024, Vol. 24 ›› Issue (4) : 63-66. DOI: 10.20193/j.ices2097-4191.2024.04.011

研究论文

RISC-V架构的轻量化内存保护单元

作者信息 +

Lightweight memory protection unit based on RISC-V architecture

Author information +

文章历史 +

摘要

随着互联网和物联网的快速发展,全球联网设备数量高速增长,“万物互联”成为全球网络未来发展的重要方向。边缘物联代理设备繁荣的同时也催生了多样化的安全问题,然而传统的安全保护机制在现有边缘物联代理设备上已变得低效,且可信执行环境过大,需要依赖远程授权。目前应用普遍存在被破解、数据被窃取篡改等安全风险,对金融数据安全、个人隐私数据保护、业务数据完整性等带来极大的威胁。本文提出了一种基于RISC-V架构的轻量化内存保护单元,实现基于硬件可信根的硬件安全启动机制。通过对RISC-V指令集进行扩展,并利用新增指令创建内存安全空间,将一般的内存转换成安全的加密空间,实现可信嵌入式系统。

Abstract

The rapid development of contemporary information technology not only brings convenience to people, but also creates many security risks. With the rapid development of the Internet and the Internet of Things, the number of globally connected devices is growing rapidly, and "Internet of Things" has become an important direction for the future development of global networks. However, the prosperity of edge IoT proxy devices has also given rise to diverse security issues. However, traditional security protection mechanisms have become inefficient on existing edge IoT proxy devices. However, the trusted execution environment is too large and relies on remote authorization and other issues. At present, there are common security risks in applications such as being cracked, data being stolen and tampered with, posing a great threat to financial data security, personal privacy data protection, and business data integrity.This article proposes a lightweight memory protection unit based on the RISC-V architecture,implementing a hardware secure boot mechanism based on hardware trusted roots.By extending the RISC-V instruction set and using newly added instructions to create a memory secure space, the general memory is converted into a secure encrypted space, achieving a trusted embedded system.

导出引用

葛红舞, 徐春晓, 左浩然, 等. RISC-V架构的轻量化内存保护单元[J]. 集成电路与嵌入式系统. 2024, 24(4): 63-66 https://doi.org/10.20193/j.ices2097-4191.2024.04.011

GE Hongwu, XU Chunxiao, ZUO Haoran, et al. Lightweight memory protection unit based on RISC-V architecture[J]. Integrated Circuits and Embedded Systems. 2024, 24(4): 63-66 https://doi.org/10.20193/j.ices2097-4191.2024.04.011

中图分类号： TP368.1

参考文献

列表( 原文顺序 | 文献年度倒序 | 文中引用次数倒序 ) 可视化分析

[1]	RISC-V社区. RISC-V指令集体系结构[EB/OL]. [2023-09]. http://risc-v.org/. http://risc-v.org/ RISC-VCommunity. RISC-V instruction set architecture[EB/OL]. [2023-09]. http://risc-v.org/. (in Chinese) http://risc-v.org/

[2]	AHMED M AZAB, PENG NING, JITESH SHAH, et al. Hypervision across worlds: Real-time kernel protection from the arm trustzone secureworld[C]// ACM Sigsac Conference on Computer and Communications Security, 2014:1028-1031. 本文引用 [1]

[3]	SEUNGWON SHIN, YONGJOO SONG, TAEKYUNG LEE, et al. Rosemary: A robust, secure, and high-performance network operating system[C]// ACM Conference on Computer and Communications Security, 2014:78-89. 本文引用 [1]

[4]	YEONGJIN JANG, CHENGYU SONG, SIMON P CHUNG, et al. A11y attacks:Exploiting accessibility in operating systems[C]// ACM Conference on Computer and Communications Security, 2014:103-115. 本文引用 [1]

[5]	ADAM BATES, DAVE TIAN, KEVIN R. et al. Trustworthy whole-system provenance for the linux kernel[C]// Usenix Conference on Security Symposium, 2015. 本文引用 [1]

[6]	WANG GAOZU, LI WEIHUA, XU YANLING, et al. Design and implementation of secure embedded systems based on trustzone and μclinux[J]. Application Research of Computers, 2008:136 本文引用 [1]

[7]	LUYI XING, XIAORUI PAN, RUI WANG, et al.Upgrading your android, elevating my malware:Privilege escalation through mobile os updating[C]// In IEEE Symposium on Security and Privacy, 2014:393-408. 本文引用 [1]

[8]	LEJLA BATINA, PATRICK JAUERNIG, NELE MENTENS, et al. In Hardware We Trust:Gains and Pains of Hardware-assisted Security[C]// 2019 56th ACM/IEEE Design Automation Conference (DAC).IEEE, 2019.

[9]	DE A, BASU A, GHOSH S, et al. Hardware Assisted Buffer Protection Mechanisms for Embedded RISC-V[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2020(99):1.

[10]	KIM H, LEE J, PRATAMA D, et al. RIMI:instruction-level memory isolation for embedded systems on RISC-V[C]// ICCAD '20:IEEE/ACM International Conference on Computer-Aided Design.ACM, 2020.

[11]	MAJA MALENKO, MARCEL BAUNACh. Device Driver and System Call Isolation in Embedded Devices[C]// Euromicro Conference on Digital System Design, DSD 2019, 283-290.

[12]	OLIVIER SAVRY, MUSTAPHA EL-MAJIHI, THOMAS HISCOCK. Confidaent: Control Flow protection with Instruction and Data Authenticated Encryptio[C]// Euromicro Conference on Digital System Design, DSD 2020, 246-253.

[13]	HISCOCK T, SAVRY O, GOUBIN L. Lightweight instruction-level encryption for embedded processors using stream ciphers[J]. Microprocessors and microsystems, 2019, 64(2):43-52. https://doi.org/10.1016/j.micpro.2018.10.001 https://linkinghub.elsevier.com/retrieve/pii/S0141933118300607

[14]	R LASHERMES, H LE BOUDER, G THOMAS. Hardware-assisted program execution integrity:Hapei[J]// Lecture Notes in Computer Science, 11252 LNCS, 405-420.

[15]	R DE CLERCQ, J GÖTZFRIED, D ÜBLER, et al. SOFIA:Software and control flow integrity architecture[J]. Computers & Security, 2017, 68(7):16-35. https://doi.org/10.1016/j.cose.2017.03.013 https://linkinghub.elsevier.com/retrieve/pii/S0167404817300664