Seventh Workshop on Computer Architecture Research with RISC-V (CARRV 2023)

Saturday June 17th, 2023, Co-located with ISCA 2023

The Seventh Workshop on RISC-V for Computer Architecture Research (CARRV) seeks original research papers with a focus on the security of RISC-V cores. However, papers on the design, implementation and verification of RISC-V cores, SoCs, and accelerators are also encouraged. Submission of early work is encouraged. The topics of specific interest for the workshop include, but are not limited to:

CARRV Invited Talks and Roundtables

This year, as we have been looking more toward security, the CARRV organizers would like to announce our new format this year, augmenting our wrokshop papers with five security-related talks and one round table session. From TEEs to physical side-channels on FPGAs, we have a number of presentations targeting this year’s security focus. In addition to our invited talks, we will host a round-table to discuss the implications of security on design.

CARRV Preliminary Program

9:30am - 11:00am EST - Session 1

Welcome and opening remarks

Feature-Oriented Cache Designs
Justin Deters (SimpleRose and Washington University) and Ron K. Cytron (Washington University) [paper] [slides]

Invited Talk - Design and Implementation of the Labeled RISC-V Architecture
Yungang Bao (Institute of Computing Technology (ICT), Chinese Academy of Sciences (CAS))

Minimizing the Energy Usage of Tiny RISC-V Cores
Asbjørn Djupdal, Magnus Själander, Magnus Jahre, and Snorre Aunet (Norwegian University of Science and Technology (NTNU)) [paper] [slides]
11:00am - 11:20am EST - Coffee Break
11:20am - 12:30pm EST - Session 2

Cache Coherent Framework for RISC-V Many-core Systems
Zexin Fu, Mingzi Wang, Yihai Zhang, Zhangxi Tan (Tsinghua University) [paper] [slides]

Invited Talk - The Double-Edged Sword: Uncovering Security Implications of Performance Optimization in TEE Design
Mengyuan Li (MIT)
AbstractFor years, the main obstacle to cloud adoption has been a lack of trust in Cloud Service Providers (CSPs). The concept of confidential computing has been enabled by an emerging security feature in modern CPUs, dubbed Trusted Execution Environment (TEE), which removes the need to trust the CSP. Aiming to provide data-in-use protection, TEE uses hardware-enabled isolation to protect the cloud workload against both physical access attacks and privileged software-level attacks. Due to the enormous market potential, all main processor vendors have released or are working on releasing confidential VM features in their server CPU lines, including AMD Secure Encrypted Virtualization (SEV), Intel Trust Domain Extension (TDX), and ARM Confidential Compute Architecture (CCA). However, performance optimization in these TEE designs can introduce vulnerabilities.

In this talk, I will present two vulnerabilities identified in AMD SEV resulting from inconsiderate performance optimization. The first vulnerability relates to SEV's improper use of the address space identifier (ASID), which plays a rather important role in improving performance during a context switch. Based on our exploration, we present CrossLine attacks, which exploit a momentary execution to breach the confidentiality and integrity of SEV VMs. The second vulnerability is related to the confidential VM's hardware-accelerated memory encryption engine. We then introduce the ciphertext side channel, a previously unexplored side-channel, allowing a privileged adversary to infer execution states and potentially break constant-time OpenSSL implementations within confidential VMs. Finally, I will discuss existing TEE designs on the RISC-V platform and future directions for TEE design with improved performance.

RGen: A Tool for Generating RISC-V Compiler, Simulator, and Application Support
Derek Zijie Tu, Zhangxi Tan (Tsinghua University) [paper] [slides]
12:30pm - 2:00am EST - Lunch
2:00pm - 3:30pm EST - Session 3

Invited Talk - Instruction-Level Power Side-Channel Leakage Evaluation of Soft-Core CPUs on Shared FPGAs
Ognjen Glamocanin (EPFL)
AbstractSide-channel disassembly attacks recover CPU instructions from power or electromagnetic side-channel traces measured during code execution. These attacks typically rely on physical access, proximity to the victim device, and high sampling rate measuring instruments. In this work, however, we analyze the CPU instruction-level power side-channel leakage in an environment that lacks physical access or expensive measuring equipment. We show that instruction leakage is present even in a multitenant FPGA scenario, where the victim uses a soft-core CPU, and the adversary deploys on-chip voltage-fluctuation sensors. Unlike previous remote power side-channel attacks, which either require a considerable number of victim traces or attack large victim circuits such as machine learning accelerators, we take an evaluator’s point of view and provide an analysis of the instruction-level power side-channel leakage of a small open-source RISC-V soft processor core. To investigate whether the power side-channel traces leak secrets, we profile the victim device and implement various instruction opcode classifiers based on classical machine learning algorithms used in disassembly attacks and novel deep learning approaches. We explore how parameters such as placement, trace averaging, profiling templates, and different FPGA families (including a cloud-scale FPGA) impact classification accuracy. Despite the limited leakage of the soft-core CPU victim and a reduced accuracy and sampling rate of on-chip sensors, we show that in a worst-case scenario for the evaluator, i.e., an attacker breaching physical separation, we can identify the opcode of executed instructions with an average accuracy as high as 86.46%. Our analysis shows that determining the executed instruction type is not a classification bottleneck, while leakages between instructions of the same type can be challenging for deep learning models to distinguish. We also show that the instruction-level leakage is significantly reduced in a cloud-scale FPGA scenario with higher soft-core CPU frequencies. Nevertheless, our results show that even small circuits, such as soft-core CPUs, leak potentially exploitable information through on-chip power side channels, and users should deploy mitigation techniques against disassembly attacks to protect their proprietary code and data.

QEMU-CAS: A Full-System Cycle-Accurate Simulation Framework based on QEMU
Ye Cao, Zhixuan Xu, Zhangxi Tan (Tsinghua University) [paper] [slides]

Invited Talk - Bringing Symbolic Execution to the Security Verification of Hardware Designs
Kaki Ryan (UNC Chapel Hill)
AbstractThe verification of hardware designs is a key activity for ensuring the correctness and security of a design early in the hardware lifecycle. In this talk, I will discuss our work developing a new point in the hardware verification space: software-style symbolic execution. Symbolic execution generalizes testing by replacing concrete values with symbols, with each symbol representing the set of possible values of the variable. This path-based symbolic analysis allows for deep and precise exploration of the design’s state space.

Unfortunately, symbolic execution infamously suffers from the path explosion problem. I will first present the piecewise composition search strategy we developed to leverage the modular and cyclical nature of hardware designs to manage the path explosion problem. Using a hardware-oriented symbolic execution engine, we are able to find vulnerabilities in RISC-V processors that commercial and open-source model checking tools do not find. I will also discuss our results using symbolic execution for information-flow analysis in which we eliminate many of the false-positive flows that static analysis or taint tracking can produce.

A Genetic Algorithm for a Spectre Attack Agnostic to Branch Predictors
Dorian Bourgeoisat, Laurent Sauvage (Télécom Paris - Institut Polytechnique de Paris) [paper] [slides]
3:30pm - 4:00pm EST - Coffee Break
4:00pm - 5:00pm EST - Session 4

Invited Talk - Uncovering Transmitter Instructions on the RISC-V CVA6 Processor
Caroline Trippel (Stanford)

Round Table - Implications for the Design and Validation of Secure Systems
Mengyuan Li (MIT), Caroline Trippel (Stanford), Mengjia Yan (MIT)

Important Dates

*The early paper submission deadline is for those who need an early acceptance for visa purposes, however anyone is welcome to submit then.

Workshop Information

The ISCA 2023 conference organizers have informed us that ISCA 2023, and the workshops and tutorials, will take place in-person this year.

Submission Guidelines

All papers should be submitted electronically to HotCRP. Submissions in PDF format must be limited to 6 pages including figures and tables, plus as many pages as needed for references. Papers must be in PDF format and the submission should be anonymous.

Papers must be formatted in accordance to the ACM two column style. ACM Word or LaTeX style templates are available here.

Note: Workshop publications do not preclude publishing at future conference venues.


All questions about submissions can be emailed to: tcarlson at comp nus edu sg.