RISCoT – Security Analysis of Trusted Execution Environments on RISC-V
RISCoT - Security Analysis of Trusted Runtime Environments on RISC-V
With the increasing spread of apps in all areas of life, the amount of functionalities offered by a mobile device is growing. This in turn increases the demands on the security of the devices, as the most intimate data can be found on them — from private photos to business mails and customer data to one’s own bank account.
In the area of this broad research field, trusted runtime environments, so-called Trusted Execution Environments (TEEs), have become established and are now used extensively in mobile devices. TEEs provide isolation within a processor and contain a separate execution area that can be used for special applications. The strong isolation between the TEE and the ordinary operating system makes it suitable for particularly safety-critical operations. In practice, TEEs are a central building block and the basis for encryption functions and secure authentication.
While today most processors in mobile devices are based on the ARM architecture, which in turn offers TEEs, research and industry are looking towards RISC-V, a license-free architecture. While the architecture has been used successfully in the industrial sector for years, experience for the mobile market is still very limited. Nevertheless, the technology offers many opportunities for innovation, as functional and safety-relevant requirements for a system are taken into account early in the development and can thus be implemented more effectively.
In RISCoT, tools and techniques are developed for security researchers to test TEE implementations on RISC-V and applications based on it for their security. This supports both existing and future developments in research and industry.
- Bove, D. (2022). Secure Services for Standard RISC-V Architectures. In Association for Computing Machinery (Eds.), Proceedings of the 17th International Conference on Availability, Reliability and Security. Vienna, Austria, AT.
- Bove, D. (2022). SoK: The Evolution of Trusted UI on Mobile. In Association for Computing Machinery (Eds.), ASIA CCS '22: Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security (pp. 616 - 629). Nagasaki, Japan.
Source code “Keystone for HiFive Unmatched with Debian/Ubuntu”: keystone-unmatched-ubuntu.zip (Linux build)
Presentation slides “Secure Services for Standard RISC-V Architectures”: riscv-ss-presentation.pdf
Name of the project: Software Campus 2.0 (FAU)
Acronym of the microproject: RISCoT
Project lead: Davide Bove