System-Level Isolation for Mixed-Criticality RISC-V SoCs: A "World" Reality Check
- URL: http://arxiv.org/abs/2602.05002v1
- Date: Wed, 04 Feb 2026 19:39:56 GMT
- Title: System-Level Isolation for Mixed-Criticality RISC-V SoCs: A "World" Reality Check
- Authors: Luis Cunha, Jose Martins, Manuel Rodriguez, Tiago Gomes, Sandro Pinto, Uwe Moslehner, Kai Dieffenbach, Glenn Farrall, Kajetan Nuernberger, Thomas Roecker,
- Abstract summary: We present a comparative analysis of hardware isolation primitives proposed by RISC-V International.<n>Our results show that the World-based checker introduces a fixed, configuration-independent access latency, achieving lower worst-case delay.<n>All artifacts will be released as open source, and we expect these findings to directly contribute to the evolution and ratification of RISC-V specifications.
- Score: 6.496971253444254
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: As RISC-V adoption accelerates, domains such as automotive, the Internet of Things (IoT), and industrial control are attracting growing attention. These domains are subject to stringent Size, Weight, Power, and Cost (SWaP-C) constraints, which have driven a shift toward heterogeneous Systems-on-Chip (SoCs) integrating general-purpose CPUs, tightly coupled accelerators, and diverse I/O devices with different integrity levels. While such integration improves cost efficiency and performance, it introduces a fundamental safety and security challenge: enforcing system-level isolation in mixed-criticality environments. Although RISC-V International has proposed several hardware isolation primitives, including RISC-V Worlds, IOPMP, and SmMTT, their interoperability, scalability, and suitability for real-time systems remain insufficiently understood. In this paper, we present a comparative analysis of these primitives from the perspective of practical heterogeneous SoC designs. We implement an IOPMP, a World-based checker, and a modified RISC-V World checker that addresses key limitations of the baseline specification, and evaluate their trade-offs in terms of security guarantees and power-performance-area (PPA). Our results show that the World-based checker introduces a fixed, configuration-independent access latency, achieving lower worst-case delay than the evaluated alternatives while scaling predictably with system size. At the macro level, we estimate that the proposed modifications reduce SoC area by up to approximately 5% compared to a baseline design. All artifacts will be released as open source, and we expect these findings to directly contribute to the evolution and ratification of RISC-V specifications, as well as to the design of future RISC-V SoCs.
Related papers
- A Secure and Private Distributed Bayesian Federated Learning Design [56.92336577799572]
Distributed Federated Learning (DFL) enables decentralized model training across large-scale systems without a central parameter server.<n>DFL faces three critical challenges: privacy leakage from honest-but-curious neighbors, slow convergence due to the lack of central coordination, and vulnerability to Byzantine adversaries aiming to degrade model accuracy.<n>We propose a novel DFL framework that integrates Byzantine robustness, privacy preservation, and convergence acceleration.
arXiv Detail & Related papers (2026-02-23T16:12:02Z) - Advanced Machine Learning Approaches for Enhancing Person Re-Identification Performance [10.582858943067041]
Person re-identification (ReID) plays a critical role in intelligent surveillance systems by linking identities across multiple cameras.<n>ReID faces significant challenges such as appearance variations, domain shifts, and limited labeled data.<n>This dissertation proposes three advanced approaches to enhance ReID performance under supervised, unsupervised domain adaptation (UDA) and fully unsupervised settings.
arXiv Detail & Related papers (2026-01-04T03:55:59Z) - When UAV Swarm Meets IRS: Collaborative Secure Communications in Low-altitude Wireless Networks [68.45202147860537]
Low-altitude wireless networks (LAWNs) provide enhanced coverage, reliability, and throughput for diverse applications.<n>These networks face significant security vulnerabilities from both known and potential unknown eavesdroppers.<n>We propose a novel secure communication framework for LAWNs where the selected UAVs within a swarm function as a virtual antenna array.
arXiv Detail & Related papers (2025-10-25T02:02:14Z) - End-to-End Co-Simulation Testbed for Cybersecurity Research and Development in Intelligent Transportation Systems [5.804791448287085]
This chapter discusses an integrated co-simulation testbed that links CARLA for 3D environment and sensor modeling, SUMO for microscopic traffic simulation and control, and OMNeT++ for V2X communication simulation.<n>The co-simulation testbed enables end-to-end experimentation, vulnerability identification, and mitigation benchmarking.<n>To illustrate its capabilities, the chapter incorporates a case study on a C-V2X proactive safety alert system enhanced with post-quantum cryptography.
arXiv Detail & Related papers (2025-09-20T01:21:54Z) - SVAgent: AI Agent for Hardware Security Verification Assertion [19.443845373891044]
This paper proposes an innovative SVA automatic generation framework SVAgent.<n>SVAAgent transforms the original complex requirements into a structured, gradually solvable fine-grained problem-solving chain.<n> Experiments have shown that SVAgent can effectively suppress the influence of hallucinations and random answers.
arXiv Detail & Related papers (2025-07-22T03:36:06Z) - Backscatter Device-aided Integrated Sensing and Communication: A Pareto Optimization Framework [59.30060797118097]
Integrated sensing and communication (ISAC) systems potentially encounter significant performance degradation in densely obstructed urban non-line-of-sight scenarios.<n>This paper proposes a backscatter approximation (BD)-assisted ISAC system, which leverages passive BDs naturally distributed in environments of enhancement.
arXiv Detail & Related papers (2025-07-12T17:11:06Z) - ACRIC: Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
Recent security incidents in safety-critical industries exposed how the lack of proper message authentication enables attackers to inject malicious commands or alter system behavior.<n>These shortcomings have prompted new regulations that emphasize the pressing need to strengthen cybersecurity.<n>We introduce ACRIC, a message authentication solution to secure legacy industrial communications.
arXiv Detail & Related papers (2024-11-21T18:26:05Z) - Designing Short-Stage CDC-XPUFs: Balancing Reliability, Cost, and
Security in IoT Devices [2.28438857884398]
Physically Unclonable Functions (PUFs) generate unique cryptographic keys from inherent hardware variations.
Traditional PUFs like Arbiter PUFs (APUFs) and XOR Arbiter PUFs (XOR-PUFs) are susceptible to machine learning (ML) and reliability-based attacks.
We propose an optimized CDC-XPUF design that incorporates a pre-selection strategy to enhance reliability and introduces a novel lightweight architecture.
arXiv Detail & Related papers (2024-09-26T14:50:20Z) - Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z) - Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS)
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z) - SafeTI Traffic Injector Enhancement for Effective Interference Testing
in Critical Real-Time Systems [0.4751886527142778]
The SafeTI traffic injector has been released and integrated in a homogeneous RISC-V multicore for testing, otherwise untestable casuistic for software-only solutions.
This paper introduces some enhancements performed on the SafeTI, which include internal pipelining for higher-rate traffic injection, and its tailoring to multiple interfaces, as well as its integration in a more powerful heterogeneous RISC-V multicore based on Gaisler's technology for the space domain.
arXiv Detail & Related papers (2023-07-28T09:26:50Z) - Is Vertical Logistic Regression Privacy-Preserving? A Comprehensive
Privacy Analysis and Beyond [57.10914865054868]
We consider vertical logistic regression (VLR) trained with mini-batch descent gradient.
We provide a comprehensive and rigorous privacy analysis of VLR in a class of open-source Federated Learning frameworks.
arXiv Detail & Related papers (2022-07-19T05:47:30Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.