TY - GEN
T1 - Evict+Spec+Time on RISC-V
T2 - 28th Euromicro Conference on Digital System Design, DSD 2025
AU - Khan, Mahreen
AU - Mushtaq, Maria
AU - Pacalet, Renaud
AU - Apvrille, Ludovic
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025/1/1
Y1 - 2025/1/1
N2 - Microarchitectural side-channel attacks are a growing concern and have been widely studied on x86 and ARM architectures, but RISC-V's susceptibility to similar attacks remains understudied. We present the first implementation and evaluation of the Evict+Spec+Time attack on RISC-V, previously demonstrated only on x86 [2]. This advanced variant of Evict+Time integrates three critical phases: eviction, speculation, and timing. First, the attack forcibly evicts target cache lines using RISC-V's cbo.flush instruction via the Zicbom extension [6]. Next, it exploits out-of-order execution to manipulate microarchitectural resources such as the reorder buffer, limiting the processor's ability to mask cache-miss latency. Finally, it infers secret-dependent memory access patterns through precise timing measurements. We validate RISC-V's vulnerability by recovering secret keys from AES T-table implementations. Using the gem5 simulator [4], we provide the first detailed analysis of microarchitectural behavior during the attack, including cache contention, pipeline stalls, and latency variations. These insights establish foundational guidance for developing RISC-V-specific countermeasures against such attacks.
AB - Microarchitectural side-channel attacks are a growing concern and have been widely studied on x86 and ARM architectures, but RISC-V's susceptibility to similar attacks remains understudied. We present the first implementation and evaluation of the Evict+Spec+Time attack on RISC-V, previously demonstrated only on x86 [2]. This advanced variant of Evict+Time integrates three critical phases: eviction, speculation, and timing. First, the attack forcibly evicts target cache lines using RISC-V's cbo.flush instruction via the Zicbom extension [6]. Next, it exploits out-of-order execution to manipulate microarchitectural resources such as the reorder buffer, limiting the processor's ability to mask cache-miss latency. Finally, it infers secret-dependent memory access patterns through precise timing measurements. We validate RISC-V's vulnerability by recovering secret keys from AES T-table implementations. Using the gem5 simulator [4], we provide the first detailed analysis of microarchitectural behavior during the attack, including cache contention, pipeline stalls, and latency variations. These insights establish foundational guidance for developing RISC-V-specific countermeasures against such attacks.
KW - AES T-table
KW - Cache timing attacks
KW - Evict+Spec+Time
KW - Hardware security
KW - Microarchitectural attacks
KW - Out-of-order execution
KW - RISC-V
KW - Speculative execution
KW - gem5
UR - https://www.scopus.com/pages/publications/105030545802
U2 - 10.1109/DSD67783.2025.00045
DO - 10.1109/DSD67783.2025.00045
M3 - Conference contribution
AN - SCOPUS:105030545802
T3 - Proceedings - 2025 28th Euromicro Conference on Digital System Design, DSD 2025
SP - 260
EP - 267
BT - Proceedings - 2025 28th Euromicro Conference on Digital System Design, DSD 2025
A2 - Casini, Daniel
A2 - Cazorla, Francisco J.
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 10 September 2025 through 12 September 2025
ER -