For decades, the evolution of processors has focused on improving their performance. In recent years, attacks directly exploiting optimization mechanisms have appeared. Using for example caches, performance counters or speculation units, they jeopardize the safety and security of processors and the industrial systems that operate them. We can cite SPECTRE and Meltdown as flagship examples.

The open-HW approaches and in particular the RISC-V initiative are now both an economic reality and an innovation opportunity for European players in the field of processors architecture. The use of this open-source approach requires the design of secure processor cores, and therefore makes it possible to move towards greater independence in the field of cyber-security.

The SECURE-V project offers an innovative open-source, secure and high-performance processor core based on the ISA RISC-V. The originality of the approach lies in the integration of a dynamic code transformation unit covering 4 of the 5 NIST functions of cybersecurity, in particular via monitoring (identify, detect), obfuscation (protect), and dynamic adaptation (reacting).

This dynamic management paves the way for online optimizations that improve the security and safety of the micro-architecture without overhauling the software or the architecture of the chip.

The main outcomes of the project are a prototype of a complete RISC-V ISA based architecture running on top of an FPGA, including the security-oriented blocks designed in the project An analysis of the security level reached by the propositions is also expected. As we work at the micro-architecture level, the SECURE-V architecture will be at the center of the security kernel of future products.

The proposed innovative solution is built around three main contributions:

1. The dynamic code transformation unit is the core idea of this proposal. This unit will support on-the-fly modifications of the program instructions translation and decoding processes. These changes aim to provide security building blocks by either altering the processor pipeline datapath behavior or hiding the sensitive paths with data obfuscation. These two mechanisms are respectively possible using instructions operations rescheduling or with injections of additional operations into the pipeline. This unit will also allow the dynamic instrumentation of a code without modifying the original binary. 
2. Advanced configurable memory management policies will add an additional level of obfuscation. We can cite for example alternatives to conventional caches such as scratchpads with dynamic management, dedicated memories (or TCM for Tightly Coupled Memory), partially reconfigurable caches in SRAM. New dynamic security-oriented cache management will also be investigated in order to avoid interference at this level, or to supervise on demand information when identifying suspicious behaviors. Finally, as for the operations in the pipeline, we will also be able to insert (periodically or on a more controlled manner) access instructions to different memory areas aiming at different accesses activity in order to disrupt side-channel attacks. 
3. In order to complete the approach and to control, in particular, the dynamic changes in the behavior of the micro-architecture, a  dynamic control block will be developed. By observing the state of the micro-architecture, this unit will be able to determine when specific security properties are violated, denoting an abnormal behavior that may result from an attack, or a sensitive context that needs to be secured.  In reaction to the detected situation, it will trigger an adaptation via the dynamic code transformation unit and/or the microarchitecture. The use of runtime verification, a lightweight formal method, to synthesize monitors of security properties, will help to justify the confidence placed in this unit.