Towards designing a secure RISC-V system-on-chip : ITUS

Abstract

A rising tide of exploits, in the recent years, following a steady discovery of the many vulnerabilities pervasive in modern computing systems has led to a growing number of studies in designing systems-on-chip (SoCs) with security as a first-class consideration. Fol- lowing the momentum behind RISC-V based systems in the public domain, much of this effort targets RISC- V based SoCs; most ideas, however, are independent of this choice. In this manuscript we present a consolida- tion of our early efforts along these lines in designing a secure SoC around RISC-V, named ITUS. In partic- ular, we discuss a set of primitive building blocks of a secure SoC and present some of the implemented se- curity subsystems using these building blocks—such as secure boot, memory protection, PUF-based key man- agement, a countermeasure methodology for RISC-V micro-architectural side-channel leakage, and an inte- gration of the open keystone-enclaves for TEE. The current ITUS SoC prototype, integrating the discussed security subsystems, was built on top of the lowRISC project, however, these are portable to any other SoC code base. The SoC prototype has been evaluated on an FPGA.