Faulting RISC-V - Comparing the Fault Resilience of the RISC-V Instruction Set Architecture

Abstract

Side-channel analysis allows sophisticated attackers to extract information by observing the timing of different code paths, or the way a processor running a certain program interacts with its environment by consuming differing amounts of power or emitting an electromagnetic field. By actively interacting with the processor, attackers gain even more power. Attacks using vectors such as the power supply, the clock, lasers or electromagnetic pulses give attackers the possibility to actively influence which code paths will be taken, or even to replace existing instructions with completely new ones. To gain more knowledge of what exactly is possible, an analysis of the ARM Thumb [1] branch instructions was taken as a basis and a comparable analysis of RISC-V was conducted. From this analysis, inherent advantages of the instruction-set encoding used by RISC-V were discovered.

Publication
TU Wien