RISC-V is an emerging technology, with applications ranging from embedded devices to high-performance servers. Therefore, more and more security-critical workloads will be conducted with code that is compiled for RISC-V. Well-known microarchitectural side-channel attacks against established platforms like x86 apply to RISC-V CPUs as well. As RISC-V does not mandate any hardware-based side-channel countermeasures, a piece of code compiled for a generic RISC-V CPU in a cloud server cannot make safe assumptions about the microarchitecture on which it is running. Existing tools for aiding software-level precautions by checking side-channel vulnerabilities on source code or x86 binaries are not compatible with RISC-V machine code. In this work, we study the requirements and goals of architecture-specific leakage analysis for RISC-V and illustrate how to achieve these goals with the help of fast and precise dynamic binary analysis. We implement all necessary building blocks for finding side-channel leakages on RISC-V, while relying on existing mature solutions when possible. Our leakage analysis builds upon the modular side-channel analysis framework Microwalk, that examines execution traces for leakage through secret-dependent memory accesses or branches. To provide suitable traces, we port the ARM dynamic binary instrumentation tool MAMBO to RISC-V. Our port named MAMBO-V can instrument arbitrary binaries which use the 64-bit general purpose instruction set. We evaluate our toolchain on several cryptographic libraries with RISC-V support and identify multiple exploitable leakages.

翻译：RISC-V 是一项新兴技术，其应用范围涵盖嵌入式设备到高性能服务器。因此，越来越多的安全关键型工作负载将通过针对 RISC-V 编译的代码来执行。针对 x86 等成熟平台的知名微架构侧信道攻击同样适用于 RISC-V CPU。由于 RISC-V 并未强制要求任何基于硬件的侧信道防御措施，云服务器中为通用 RISC-V CPU 编译的代码无法对其运行所依赖的微架构做出安全假设。现有的通过检查源代码或 x86 二进制文件中的侧信道漏洞来辅助软件级防护的工具无法兼容 RISC-V 机器码。在本工作中，我们研究了 RISC-V 架构特定泄露分析的需求与目标，并阐述了如何借助快速且精确的动态二进制分析来实现这些目标。我们实现了在 RISC-V 上定位侧信道泄露所需的全部构建模块，同时在可行时尽量沿用现有的成熟解决方案。我们的泄露分析基于模块化侧信道分析框架 Microwalk，该框架通过检查执行轨迹中的秘密依赖内存访问或分支来识别泄露。为提供合适的轨迹，我们将 ARM 动态二进制插桩工具 MAMBO 移植到 RISC-V 架构。移植后的工具命名为 MAMBO-V，能够对使用 64 位通用指令集的任意二进制文件进行插桩。我们在多个支持 RISC-V 的密码学库上评估了该工具链，并识别出多个可利用的泄露点。