Safety Analysis And Optimization Of A RISC-V CPU To Prevent Spectre Attacks

Since the free RISC-V instruction set architecture was pulished,RISC-V high-performance processors have been widely used in industries such as the Internet of Things.However,the existence of Spectre attack gives these processors' security one hit.There are a few optimization schemes designed for RISC-V.There are also some limits among these schemes.The first type of schemes on creating trusted execution environment ignores the security issues in the same process.The second type of schemes on optimizing ISA requires specific compilers to support.The last type of schemes on optimizing architecture design cannot achieve a balance between performance and hardware overhead.In order to get the limits of current design,attack models are established firstly,which is based on the charateristics of the Spectre attack.Then these models are used to attack the existing RISC-V high-performance processors,and analyzes the influence of the speculation mechanism on the state of the microarchitecture and the process of information leakage by Cache's side channel: Spectre attack induces the processor to execute two memory-related instructions transiently,so that an attacker-controllable array's element related to sensitive data is cached in the Cache.This element can be inferred through timing-based side-channel attack and the sensitiva data can finally be stolen.In order to improve the security of current RISC-V architecture design,the security scheme is introduced to optimize current Cache mechanism.It will check all access requests sent to L1 DCache,mark dangerous accesses which are under speculative execution and cause Cache miss,and start a clear countdown for the Cache line storing the tracked data.In this thesis,13 benchmarks from SPEC CPU2006 were used to verify the security and performance.In terms of security,this scheme can safely defand against Spectre v1,Spectre v2 and Split Spectre attacks.The rate of information leakage keeps at zero.When the main frequency of the processor is set to 1GHz,the effective initial value of countdown range is between 40 cycles and 160 cycles.Balancing security and performance,80 cycles as the perfect initial value.Compared with the original architecture,the performance of this scheme drops within 10%.Under the SMIC 45-nanometer process,compared with the original architecture of Cache,the area overhead increases by 0.816%,the dynamic power increase by0.381% and the power consumption also increases by 2.346%.Among similar technical schemes,the performance of this scheme is excellent,and the additional hardware overhead required is not large.