RV-Sec5: Enhancing RISC-V Security Evaluation via Targeted ISA-Level Instrumentation using gem5

Muhammad Awais; Maria Mushtaq; Lirida Naviner; Florent Bruguier; Jawad Haj Yahya

doi:10.1145/3793638.3793640

RV-Sec5: Enhancing RISC-V Security Evaluation via Targeted ISA-Level Instrumentation using gem5

Muhammad Awais
, Maria Mushtaq
, Lirida Naviner
, Florent Bruguier
, Jawad Haj Yahya

Telecom Paris
DALI/LIRMM
Rivos Inc

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The modularity of the RISC-V Instruction Set Architecture (ISA) has accelerated its adoption in security-critical domains, yet it introduces significant challenges for pre-silicon security validation. Current evaluation methods often rely on high-level emulation that overlooks microarchitectural side effects or post-silicon testing that identifies vulnerabilities too late in the design cycle. This paper presents RV-Sec5, a systematic framework for ISA-level security evaluation that leverages the gem5 simulator. Unlike standard simulators, RV-Sec5 introduces a methodology to map high-level security invariants - such as privilege isolation and memory protection - directly to automated, cycle-accurate instrumentation points within the ISA decoder. This approach bridges the semantic gap between abstract security policies and low-level hardware execution. We demonstrate the framework's efficacy through a case study involving unauthorized Control and Status Register (CSR) modifications, showing how RV-Sec5 detects privilege escalation attempts and monitors microarchitectural anomalies, such as TLB flushes and cache state changes, in real-time.

Original language	English
Title of host publication	AISC 2026 - 2026 Australasian Information Security Conference
Editors	Yong Xiang, Nasrin Sohrabi, Jason Xue, Dan Kim
Publisher	Association for Computing Machinery, Inc
Pages	10-19
Number of pages	10
ISBN (Electronic)	9798400722820
DOIs	https://doi.org/10.1145/3793638.3793640
Publication status	Published - 25 Mar 2026
Event	2026 Australasian Information Security Conference, AISC 2026 - Melbourne, Australia Duration: 11 Feb 2026 → 12 Feb 2026

Publication series

Name	AISC 2026 - 2026 Australasian Information Security Conference

Conference

Conference	2026 Australasian Information Security Conference, AISC 2026
Country/Territory	Australia
City	Melbourne
Period	11/02/26 → 12/02/26

Keywords

Attacks Simulation.
Embedded Systems
Hardware Attacks
Hardware Security
ISA Security
Pre-silicon Validation
RISC-V
Side-channel Profiling
gem5

Access to Document

10.1145/3793638.3793640

Cite this

Awais, M., Mushtaq, M., Naviner, L., Bruguier, F., & Haj Yahya, J. (2026). RV-Sec5: Enhancing RISC-V Security Evaluation via Targeted ISA-Level Instrumentation using gem5. In Y. Xiang, N. Sohrabi, J. Xue, & D. Kim (Eds.), AISC 2026 - 2026 Australasian Information Security Conference (pp. 10-19). (AISC 2026 - 2026 Australasian Information Security Conference). Association for Computing Machinery, Inc. https://doi.org/10.1145/3793638.3793640

Awais, Muhammad ; Mushtaq, Maria ; Naviner, Lirida et al. / RV-Sec5 : Enhancing RISC-V Security Evaluation via Targeted ISA-Level Instrumentation using gem5. AISC 2026 - 2026 Australasian Information Security Conference. editor / Yong Xiang ; Nasrin Sohrabi ; Jason Xue ; Dan Kim. Association for Computing Machinery, Inc, 2026. pp. 10-19 (AISC 2026 - 2026 Australasian Information Security Conference).

@inproceedings{8b1449632ae34d3f957d464a9ad26065,

title = "RV-Sec5: Enhancing RISC-V Security Evaluation via Targeted ISA-Level Instrumentation using gem5",

abstract = "The modularity of the RISC-V Instruction Set Architecture (ISA) has accelerated its adoption in security-critical domains, yet it introduces significant challenges for pre-silicon security validation. Current evaluation methods often rely on high-level emulation that overlooks microarchitectural side effects or post-silicon testing that identifies vulnerabilities too late in the design cycle. This paper presents RV-Sec5, a systematic framework for ISA-level security evaluation that leverages the gem5 simulator. Unlike standard simulators, RV-Sec5 introduces a methodology to map high-level security invariants - such as privilege isolation and memory protection - directly to automated, cycle-accurate instrumentation points within the ISA decoder. This approach bridges the semantic gap between abstract security policies and low-level hardware execution. We demonstrate the framework's efficacy through a case study involving unauthorized Control and Status Register (CSR) modifications, showing how RV-Sec5 detects privilege escalation attempts and monitors microarchitectural anomalies, such as TLB flushes and cache state changes, in real-time.",

keywords = "Attacks Simulation., Embedded Systems, Hardware Attacks, Hardware Security, ISA Security, Pre-silicon Validation, RISC-V, Side-channel Profiling, gem5",

author = "Muhammad Awais and Maria Mushtaq and Lirida Naviner and Florent Bruguier and \{Haj Yahya\}, Jawad",

note = "Publisher Copyright: {\textcopyright} 2026 Copyright held by the owner/author(s).; 2026 Australasian Information Security Conference, AISC 2026 ; Conference date: 11-02-2026 Through 12-02-2026",

year = "2026",

month = mar,

day = "25",

doi = "10.1145/3793638.3793640",

language = "English",

series = "AISC 2026 - 2026 Australasian Information Security Conference",

publisher = "Association for Computing Machinery, Inc",

pages = "10--19",

editor = "Yong Xiang and Nasrin Sohrabi and Jason Xue and Dan Kim",

booktitle = "AISC 2026 - 2026 Australasian Information Security Conference",

}

Awais, M, Mushtaq, M , Naviner, L, Bruguier, F & Haj Yahya, J 2026, RV-Sec5: Enhancing RISC-V Security Evaluation via Targeted ISA-Level Instrumentation using gem5. in Y Xiang, N Sohrabi, J Xue & D Kim (eds), AISC 2026 - 2026 Australasian Information Security Conference. AISC 2026 - 2026 Australasian Information Security Conference, Association for Computing Machinery, Inc, pp. 10-19, 2026 Australasian Information Security Conference, AISC 2026, Melbourne, Australia, 11/02/26. https://doi.org/10.1145/3793638.3793640

RV-Sec5: Enhancing RISC-V Security Evaluation via Targeted ISA-Level Instrumentation using gem5. / Awais, Muhammad; Mushtaq, Maria ; Naviner, Lirida et al.
AISC 2026 - 2026 Australasian Information Security Conference. ed. / Yong Xiang; Nasrin Sohrabi; Jason Xue; Dan Kim. Association for Computing Machinery, Inc, 2026. p. 10-19 (AISC 2026 - 2026 Australasian Information Security Conference).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - RV-Sec5

T2 - 2026 Australasian Information Security Conference, AISC 2026

AU - Awais, Muhammad

AU - Mushtaq, Maria

AU - Naviner, Lirida

AU - Bruguier, Florent

AU - Haj Yahya, Jawad

PY - 2026/3/25

Y1 - 2026/3/25

N2 - The modularity of the RISC-V Instruction Set Architecture (ISA) has accelerated its adoption in security-critical domains, yet it introduces significant challenges for pre-silicon security validation. Current evaluation methods often rely on high-level emulation that overlooks microarchitectural side effects or post-silicon testing that identifies vulnerabilities too late in the design cycle. This paper presents RV-Sec5, a systematic framework for ISA-level security evaluation that leverages the gem5 simulator. Unlike standard simulators, RV-Sec5 introduces a methodology to map high-level security invariants - such as privilege isolation and memory protection - directly to automated, cycle-accurate instrumentation points within the ISA decoder. This approach bridges the semantic gap between abstract security policies and low-level hardware execution. We demonstrate the framework's efficacy through a case study involving unauthorized Control and Status Register (CSR) modifications, showing how RV-Sec5 detects privilege escalation attempts and monitors microarchitectural anomalies, such as TLB flushes and cache state changes, in real-time.

AB - The modularity of the RISC-V Instruction Set Architecture (ISA) has accelerated its adoption in security-critical domains, yet it introduces significant challenges for pre-silicon security validation. Current evaluation methods often rely on high-level emulation that overlooks microarchitectural side effects or post-silicon testing that identifies vulnerabilities too late in the design cycle. This paper presents RV-Sec5, a systematic framework for ISA-level security evaluation that leverages the gem5 simulator. Unlike standard simulators, RV-Sec5 introduces a methodology to map high-level security invariants - such as privilege isolation and memory protection - directly to automated, cycle-accurate instrumentation points within the ISA decoder. This approach bridges the semantic gap between abstract security policies and low-level hardware execution. We demonstrate the framework's efficacy through a case study involving unauthorized Control and Status Register (CSR) modifications, showing how RV-Sec5 detects privilege escalation attempts and monitors microarchitectural anomalies, such as TLB flushes and cache state changes, in real-time.

KW - Attacks Simulation.

KW - Embedded Systems

KW - Hardware Attacks

KW - Hardware Security

KW - ISA Security

KW - Pre-silicon Validation

KW - RISC-V

KW - Side-channel Profiling

KW - gem5

UR - https://www.scopus.com/pages/publications/105036530763

U2 - 10.1145/3793638.3793640

DO - 10.1145/3793638.3793640

M3 - Conference contribution

AN - SCOPUS:105036530763

T3 - AISC 2026 - 2026 Australasian Information Security Conference

SP - 10

EP - 19

BT - AISC 2026 - 2026 Australasian Information Security Conference

A2 - Xiang, Yong

A2 - Sohrabi, Nasrin

A2 - Xue, Jason

A2 - Kim, Dan

PB - Association for Computing Machinery, Inc

Y2 - 11 February 2026 through 12 February 2026

ER -

Awais M, Mushtaq M , Naviner L, Bruguier F, Haj Yahya J. RV-Sec5: Enhancing RISC-V Security Evaluation via Targeted ISA-Level Instrumentation using gem5. In Xiang Y, Sohrabi N, Xue J, Kim D, editors, AISC 2026 - 2026 Australasian Information Security Conference. Association for Computing Machinery, Inc. 2026. p. 10-19. (AISC 2026 - 2026 Australasian Information Security Conference). doi: 10.1145/3793638.3793640

RV-Sec5: Enhancing RISC-V Security Evaluation via Targeted ISA-Level Instrumentation using gem5

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this