RV-Sec5: Enhancing RISC-V Security Evaluation via Targeted ISA-Level Instrumentation using gem5

Muhammad Awais; Maria Mushtaq; Lirida Naviner; Florent Bruguier; Jawad Haj Yahya

doi:10.1145/3793638.3793640

RV-Sec5: Enhancing RISC-V Security Evaluation via Targeted ISA-Level Instrumentation using gem5

Muhammad Awais
, Maria Mushtaq
, Lirida Naviner
, Florent Bruguier
, Jawad Haj Yahya

Telecom Paris
DALI/LIRMM
Rivos Inc

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

Résumé

The modularity of the RISC-V Instruction Set Architecture (ISA) has accelerated its adoption in security-critical domains, yet it introduces significant challenges for pre-silicon security validation. Current evaluation methods often rely on high-level emulation that overlooks microarchitectural side effects or post-silicon testing that identifies vulnerabilities too late in the design cycle. This paper presents RV-Sec5, a systematic framework for ISA-level security evaluation that leverages the gem5 simulator. Unlike standard simulators, RV-Sec5 introduces a methodology to map high-level security invariants - such as privilege isolation and memory protection - directly to automated, cycle-accurate instrumentation points within the ISA decoder. This approach bridges the semantic gap between abstract security policies and low-level hardware execution. We demonstrate the framework's efficacy through a case study involving unauthorized Control and Status Register (CSR) modifications, showing how RV-Sec5 detects privilege escalation attempts and monitors microarchitectural anomalies, such as TLB flushes and cache state changes, in real-time.

langue originale	Anglais
titre	AISC 2026 - 2026 Australasian Information Security Conference
rédacteurs en chef	Yong Xiang, Nasrin Sohrabi, Jason Xue, Dan Kim
Editeur	Association for Computing Machinery, Inc
Pages	10-19
Nombre de pages	10
ISBN (Electronique)	9798400722820
Les DOIs	https://doi.org/10.1145/3793638.3793640
état	Publié - 25 mars 2026
Evénement	2026 Australasian Information Security Conference, AISC 2026 - Melbourne, Australie Durée: 11 févr. 2026 → 12 févr. 2026

Série de publications

Nom	AISC 2026 - 2026 Australasian Information Security Conference

Une conférence

Une conférence	2026 Australasian Information Security Conference, AISC 2026
Pays/Territoire	Australie
La ville	Melbourne
période	11/02/26 → 12/02/26

Accès au document

10.1145/3793638.3793640

Autres fichiers et liens

Lien vers la publication dans Scopus

Contient cette citation

Awais, M., Mushtaq, M., Naviner, L., Bruguier, F., & Haj Yahya, J. (2026). RV-Sec5: Enhancing RISC-V Security Evaluation via Targeted ISA-Level Instrumentation using gem5. Dans Y. Xiang, N. Sohrabi, J. Xue, & D. Kim (eds.), AISC 2026 - 2026 Australasian Information Security Conference (p. 10-19). (AISC 2026 - 2026 Australasian Information Security Conference). Association for Computing Machinery, Inc. https://doi.org/10.1145/3793638.3793640

Awais, Muhammad ; Mushtaq, Maria ; Naviner, Lirida et al. / RV-Sec5 : Enhancing RISC-V Security Evaluation via Targeted ISA-Level Instrumentation using gem5. AISC 2026 - 2026 Australasian Information Security Conference. Editeur / Yong Xiang ; Nasrin Sohrabi ; Jason Xue ; Dan Kim. Association for Computing Machinery, Inc, 2026. p. 10-19 (AISC 2026 - 2026 Australasian Information Security Conference).

@inproceedings{8b1449632ae34d3f957d464a9ad26065,

title = "RV-Sec5: Enhancing RISC-V Security Evaluation via Targeted ISA-Level Instrumentation using gem5",

abstract = "The modularity of the RISC-V Instruction Set Architecture (ISA) has accelerated its adoption in security-critical domains, yet it introduces significant challenges for pre-silicon security validation. Current evaluation methods often rely on high-level emulation that overlooks microarchitectural side effects or post-silicon testing that identifies vulnerabilities too late in the design cycle. This paper presents RV-Sec5, a systematic framework for ISA-level security evaluation that leverages the gem5 simulator. Unlike standard simulators, RV-Sec5 introduces a methodology to map high-level security invariants - such as privilege isolation and memory protection - directly to automated, cycle-accurate instrumentation points within the ISA decoder. This approach bridges the semantic gap between abstract security policies and low-level hardware execution. We demonstrate the framework's efficacy through a case study involving unauthorized Control and Status Register (CSR) modifications, showing how RV-Sec5 detects privilege escalation attempts and monitors microarchitectural anomalies, such as TLB flushes and cache state changes, in real-time.",

keywords = "Attacks Simulation., Embedded Systems, Hardware Attacks, Hardware Security, ISA Security, Pre-silicon Validation, RISC-V, Side-channel Profiling, gem5",

author = "Muhammad Awais and Maria Mushtaq and Lirida Naviner and Florent Bruguier and \{Haj Yahya\}, Jawad",

note = "Publisher Copyright: {\textcopyright} 2026 Copyright held by the owner/author(s).; 2026 Australasian Information Security Conference, AISC 2026 ; Conference date: 11-02-2026 Through 12-02-2026",

year = "2026",

month = mar,

day = "25",

doi = "10.1145/3793638.3793640",

language = "English",

series = "AISC 2026 - 2026 Australasian Information Security Conference",

publisher = "Association for Computing Machinery, Inc",

pages = "10--19",

editor = "Yong Xiang and Nasrin Sohrabi and Jason Xue and Dan Kim",

booktitle = "AISC 2026 - 2026 Australasian Information Security Conference",

}

Awais, M, Mushtaq, M , Naviner, L, Bruguier, F & Haj Yahya, J 2026, RV-Sec5: Enhancing RISC-V Security Evaluation via Targeted ISA-Level Instrumentation using gem5. Dans Y Xiang, N Sohrabi, J Xue & D Kim (eds), AISC 2026 - 2026 Australasian Information Security Conference. AISC 2026 - 2026 Australasian Information Security Conference, Association for Computing Machinery, Inc, p. 10-19, 2026 Australasian Information Security Conference, AISC 2026, Melbourne, Australie, 11/02/26. https://doi.org/10.1145/3793638.3793640

RV-Sec5: Enhancing RISC-V Security Evaluation via Targeted ISA-Level Instrumentation using gem5. / Awais, Muhammad; Mushtaq, Maria ; Naviner, Lirida et al.
AISC 2026 - 2026 Australasian Information Security Conference. Ed. / Yong Xiang; Nasrin Sohrabi; Jason Xue; Dan Kim. Association for Computing Machinery, Inc, 2026. p. 10-19 (AISC 2026 - 2026 Australasian Information Security Conference).

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

TY - GEN

T1 - RV-Sec5

T2 - 2026 Australasian Information Security Conference, AISC 2026

AU - Awais, Muhammad

AU - Mushtaq, Maria

AU - Naviner, Lirida

AU - Bruguier, Florent

AU - Haj Yahya, Jawad

PY - 2026/3/25

Y1 - 2026/3/25

N2 - The modularity of the RISC-V Instruction Set Architecture (ISA) has accelerated its adoption in security-critical domains, yet it introduces significant challenges for pre-silicon security validation. Current evaluation methods often rely on high-level emulation that overlooks microarchitectural side effects or post-silicon testing that identifies vulnerabilities too late in the design cycle. This paper presents RV-Sec5, a systematic framework for ISA-level security evaluation that leverages the gem5 simulator. Unlike standard simulators, RV-Sec5 introduces a methodology to map high-level security invariants - such as privilege isolation and memory protection - directly to automated, cycle-accurate instrumentation points within the ISA decoder. This approach bridges the semantic gap between abstract security policies and low-level hardware execution. We demonstrate the framework's efficacy through a case study involving unauthorized Control and Status Register (CSR) modifications, showing how RV-Sec5 detects privilege escalation attempts and monitors microarchitectural anomalies, such as TLB flushes and cache state changes, in real-time.

AB - The modularity of the RISC-V Instruction Set Architecture (ISA) has accelerated its adoption in security-critical domains, yet it introduces significant challenges for pre-silicon security validation. Current evaluation methods often rely on high-level emulation that overlooks microarchitectural side effects or post-silicon testing that identifies vulnerabilities too late in the design cycle. This paper presents RV-Sec5, a systematic framework for ISA-level security evaluation that leverages the gem5 simulator. Unlike standard simulators, RV-Sec5 introduces a methodology to map high-level security invariants - such as privilege isolation and memory protection - directly to automated, cycle-accurate instrumentation points within the ISA decoder. This approach bridges the semantic gap between abstract security policies and low-level hardware execution. We demonstrate the framework's efficacy through a case study involving unauthorized Control and Status Register (CSR) modifications, showing how RV-Sec5 detects privilege escalation attempts and monitors microarchitectural anomalies, such as TLB flushes and cache state changes, in real-time.

KW - Attacks Simulation.

KW - Embedded Systems

KW - Hardware Attacks

KW - Hardware Security

KW - ISA Security

KW - Pre-silicon Validation

KW - RISC-V

KW - Side-channel Profiling

KW - gem5

UR - https://www.scopus.com/pages/publications/105036530763

U2 - 10.1145/3793638.3793640

DO - 10.1145/3793638.3793640

M3 - Conference contribution

AN - SCOPUS:105036530763

T3 - AISC 2026 - 2026 Australasian Information Security Conference

SP - 10

EP - 19

BT - AISC 2026 - 2026 Australasian Information Security Conference

A2 - Xiang, Yong

A2 - Sohrabi, Nasrin

A2 - Xue, Jason

A2 - Kim, Dan

PB - Association for Computing Machinery, Inc

Y2 - 11 February 2026 through 12 February 2026

ER -

Awais M, Mushtaq M , Naviner L, Bruguier F, Haj Yahya J. RV-Sec5: Enhancing RISC-V Security Evaluation via Targeted ISA-Level Instrumentation using gem5. Dans Xiang Y, Sohrabi N, Xue J, Kim D, rédacteurs en chef, AISC 2026 - 2026 Australasian Information Security Conference. Association for Computing Machinery, Inc. 2026. p. 10-19. (AISC 2026 - 2026 Australasian Information Security Conference). doi: 10.1145/3793638.3793640

RV-Sec5: Enhancing RISC-V Security Evaluation via Targeted ISA-Level Instrumentation using gem5

Résumé

Série de publications

Une conférence

Accès au document

Autres fichiers et liens

Empreinte digitale

Contient cette citation