RISC-V Needs Secure 'Wheels': the MCU Initiator-Side Perspective
Originally published on ArXiv - Hardware Architecture
arXiv:2410.09839v1 (cs)
[Submitted on 13 Oct 2024]
Authors: Sandro Pinto, Jose Martins, Manuel Rodriguez, Luis Cunha, Georg Schmalz, Uwe Moslehner, Kai Dieffenbach, Thomas Roecker
Abstract: The automotive industry is experiencing a massive paradigm shift. Cars are becoming increasingly autonomous, connected, and computerized. Modern electrical/electronic (E/E) architectures are pushing for an unforeseen functionality integration density, resulting in physically separate Electronic Control Units (ECUs) becoming virtualized and mapped to logical partitions within a single physical microcontroller (MCU). While functional safety (FuSa) has been pivotal for vehicle certification for decades, the increasing connectivity and advances have opened the door for a number of car hacks and attacks. This development drives (cyber-)security requirements in cars, and has paved the way for the release of the new security certification standard ISO21434. RISC-V has great potential to transform automotive computing systems, but we argue that current ISA/extensions are not ready yet. This paper provides our critical perspective on the existing RISC-V limitations, particularly on the upcoming WorldGuard technology, to address virtualized MCU requirements in line with foreseen automotive applications and ISO21434 directives. We then present our proposal for the required ISA extensions to address such limitations, mainly targeting initiator-side protection. Finally, we explain our roadmap towards a full open-source proof-of-concept (PoC), which includes extending QEMU, an open-source RISC-V core, and building a complete software stack.
Subjects: Cryptography and Security (cs.CR); Hardware Architecture (cs.AR)
Cite as: arXiv:2410.09839 [cs.CR] (or arXiv:2410.09839v1 [cs.CR] for this version)
DOI: https://doi.org/10.48550/arXiv.2410.09839 (arXiv-issued DOI via DataCite)
Submission history
From: Thomas Roecker
[v1] Sun, 13 Oct 2024 13:38:57 UTC (311 KB)
AI Analysis
Structured Report: RISC-V Needs Secure 'Wheels'
Key Highlights
- Automotive Security Gap: The paper asserts that current RISC-V ISA and existing extensions are inadequate for handling the complex security requirements of modern, virtualized automotive Electronic Control Units (ECUs).
- Standard Compliance: The primary security driver is compliance with the new automotive cyber-security certification standard, ISO 21434.
- Technology Critique: The authors provide a critical perspective specifically on the limitations of the "upcoming WorldGuard technology" in securing virtualized MCU environments.
- Proposed Solution: The core innovation is the proposal of specific ISA extensions designed to address these limitations, primarily focusing on protection from the "initiator-side perspective."
- Open-Source Roadmap: The research includes a clear plan for developing an open-source proof-of-concept (PoC) to validate the proposed extensions.
Technical Details
- Application Focus: Modern automotive electrical/electronic (E/E) architectures, involving the virtualization of physically separate ECUs into logical partitions within a single physical MCU.
- Security Standard: ISO 21434, the governing certification standard for cyber-security in the automotive industry, which drives the need for enhanced security features.
- Architectural Deficiencies: The paper points out RISC-V's current inability to effectively manage security in high-density functionality integration environments.
- Proposed Mechanism: New Instruction Set Architecture (ISA) extensions are proposed, designed specifically to enforce "initiator-side protection" in virtualized MCU systems.
- Proof-of-Concept Components: The open-source PoC plan involves three main components: extending the QEMU emulator, modifying an existing open-source RISC-V core, and developing a complete software stack to demonstrate functionality.
Implications
- RISC-V in Automotive: Successful implementation of the proposed extensions is crucial for accelerating RISC-V adoption in the safety- and security-critical automotive market, enabling competition with established architectures.
- Standardizing Security: By defining the necessary ISA extensions required to meet ISO 21434, the work guides future RISC-V development efforts toward mandatory cyber-security compliance.
- Enhanced Virtualization Safety: Focusing on "initiator-side protection" directly addresses threats arising from highly integrated and virtualized MCU environments, preventing unauthorized access or interference between logical partitions (ECUs).
- Community Contribution: The commitment to an open-source PoC (QEMU, core extensions) ensures that these advanced security features are accessible and verifiable by the wider hardware and security community, fostering rapid deployment and refinement.