This dissertation presents a comprehensive study on the enhancement of unprivileged domain isolation in reduced instruction set computer (RISC)-V architectures, focusing on the design and implementation of the trust guard extension (TGX) framework. Embedded systems, essential parts of the evolving Internet of Things environment, are increasingly required to perform real-time complex tasks with limited computational resources. Robust security mechanisms are increasingly imperative as the role of these devices expands from controlling simple devices to managing complex, networked systems. However, traditional RISC-V techniques for memory isolation are unable to support the switching between a trusted execution environment without incurring a performance overhead.
This dissertation addresses the critical challenge of supporting domain isolation within RISC-V architectures. The primary challenge is to implement effective hardware-based memory protection mechanisms that operate efficiently within the constraints of embedded systems. Traditional software-based protections are reasonable, but they do not provide the necessary support for rapid memory permission changes. Furthermore, existing hardware-based solutions, such as Arm TrustZone, while effective, are not natively supported on RISC-V and have their own limitations.
A meticulous and structured approach was employed in implementing the TGX framework, beginning with a thorough analysis of the existing RISC-V architecture to identify key areas where domain isolation could be enhanced without significantly impacting performance. This analysis led to the development of two primary protection methods: Segment Level Memory Protection (SLMP) and Instruction Level Memory Protection (ILMP). SLMP extends the capabilities of Physical Memory Protection (PMP) by providing fine-grained, execution-oriented isolation. This allows for precise control over memory access based on execution segments, significantly reducing the risk of unauthorized access. ILMP complements this by offering dynamic, real-time access controls at the instruction level, adjusting memory access permissions based on the executing instructions to ensure compliance with security policies.
The TGX framework adopts a hybrid approach that combines inter-domain, execution-oriented isolation with intra-domain, instruction-level access controls. This approach leverages the strengths of existing technologies, such as MPK, while enhancing them with the unique capabilities of RISC-V. The framework ensures seamless and secure transitions between trust execution environment in user space without requiring software intervention at the privilege level.
This dissertation advances the state-of-the-art in domain isolation for RISC-V and provides a scalable and efficient solution for enhancing security in embedded systems. By employing a comprehensive methodology with a detailed evaluation of memory-protection features, their effectiveness, and hardware overhead implications, the dissertation offers significant contributions to the field of embedded system security. The research includes a practical hardware implementation evaluation and software overhead analysis, utilizing benchmarks such as Embench-iot to demonstrate the effectiveness of the proposed approach in real-world IoT environments. These findings and methodologies provide a foundation for future research directions aimed at further optimizing and expanding domain isolation technologies.

• I. Introduction 1
• A. Research Background 1
• B. Contributions 6
• C. Dissertation Outline 7
• II. Preliminary 9
• A. RISC-V 9
• 1. RISC-V Instruction Set Architecture 10
• 2. Physical Memory Protection 16
• B. Secure Embedded RISC-V System 21
• 1. Architecture Overview of Secure Embedded RISC-V System 21
• 2. Limitations of Secure Embedded RISC-V System 22
• C. RISC-V Ibex core 26
• 1. Hardware architecture overview of Ibex core 26
• 2. Performance and hardware cost of Ibex core 28
• III. Domain Isolation 30
• A. Review of Existing Domain Isolation Techniques 31
• 1. Execution-Aware Memory Protection (EA-MPU) 31
• 2. Arm TrustZone-M 32
• 3. Memory Protection Key 34
• 4. Memory Tagging Extension 36
• B. Domain Isolation Methods 38
• 1. Inter-Domain Isolation 38
• 2. Intra-Domain Isolation 40
• C. SLMP: Inter-Domain Isolation in RISC-V Architecture 42
• 1. Design of Inter-Domain Isolation in SLMP 42
• 2. Implementation of SLMP in RISC-V 45
• 3. Evaluation of SLMP Implementation 53
• 4. Key Security Enhancement from SLMP: Multi-Domain Support 58
• 5. Limitation of SLMP: Inefficient Domain Configuration 58
• D. ILMP: Intra-Domain Isolation in RISC-V Architecture 60
• 1. Intra-domain isolation design in ILMP 60
• 2. Implementation of ILMP in RISC-V 63
• 3. Evaluation of ILMP 71
• 4. Key Security Enhancement from ILMP: Robust Against Exploitation of Shared Memory 77
• 5. Limitation of ILMP: Limited Number of Domains 78
• E. Comparative Analysis of SLMP and ILMP 78
• IV. Trust Guard eXtension Framework 80
• A. Design of TGX Framework 82
• 1. Domain Boundaries in the TGX Framework 84
• 2. Enhanced Intra-Domain Isolation for the TGX Framework 86
• 3. Efficient Inter-Domain Isolation for the TGX Framework 87
• 4. Novel ISA for the TGX Framework 88
• B. Implementation of TGX Framework in RISC-V 92
• 1. Domain Configuration Register 92
• 2. Instruction Set Architecture 97
• 3. Processor Status Register 99
• 4. Memory Protection Logic 102
• C. Evaluation of TGX Framework 108
• 1. Hardware overhead evaluation 109
• 2. Domain Isolation Effectiveness 111
• D. Experimental 113
• 1. Experimental Method 113
• 2. Evaluate Standard RISC-V Memory Isolation Overhead 114
• 3. Evaluate TGX Framework Overhead 118
• V. Discussion 126
• A. Comprehensive Security Enhancements in TGX 126
• 1. Advanced Domain Isolation Techniques 126
• 2. Comprehensive Security Measures 129
• 3. Optimized Security Solutions for Embedded Systems 130
• B. Comparison with SLMP , ILMP and TGX framework. 133
• C. Comparison with Related Techniques 135
• VI. Conclusions 138
• A. Conclusions 138
• B. Future Works 139

1. Intel SGX explained, COSTAN, Victor, DEVADAS, Srinivas, Cryptology ePrint Archive, , 2016

2. Home automation networksA survey, Toschi, G. M., Campos, L. B., Cugnasca, C. E., 50, 42–54, , 2017

3. Principles of remote attestation, COKER, George, et al, 10: 63-81, , 2011

4. ARM Architecture Reference Manual, Seal, D., Pearson Education: San Fransisco, CA, USA, , 2001

5. ARMv8-M Architecture Technical Overview, Yiu, J., In ARM White Paper; ARM: Waltham, MA, USA, , 2015

6. TyTANTiny Trust Anchor for Tiny Devices, El Mahjoub, B., Koeberl, P., Sadeghi, A. R., Brasser, F., Wachsmann, C., In Proceedings of the 52nd Annual Design Automation Conference, New York, NY, USA, 8–12, , 2015

7. CoMeTConfigurable Tagged Memory Extension, Pratama, D., Lee, J., Kim, H., Kwon, D., Kim, M., 21, 7771, , 2021

8. A scalable web cache consistency architecture, BRESLAU, Lee, SHENKER, Scott, YU, Haobo, 29.4: 163-174, , 1999

9. EPKScalable and Efficient Memory Protection Keys, Xia, Y., Chen, H., Li, W., Gu, J., Li, H., In Proceedings of the 2022 USENIX Annual Technical Conference (USENIX ATC 22); USENIX Association: Carlsbad, CA, USA pp. 609–624, , 2022

10. Design of the RISC-V Instruction Set Architecture, Waterman, A. S., Ph. D. `Thesis, University of California: Berkeley, CA, USA, , 2016

11. A primer on memory consistency and cache coherence, SORIN, Daniel, WOOD, David, HILL, Mark, Morgan & Claypool Publishers, , 2011

12. TrustZoneIntegrated hardware and software security, Tiago Alves and Don Felton, ARM white paper 3, 4 (2004), 18--24, , 2004

13. Detecting cross-language memory management issues in rust, LI, Zhuohua, et al, In: European Symposium on Research in Computer Security. Cham: Springer Nature Switzerland p. 680-700, , 2022

14. How to Secure a RISC-V Embedded System in Just 30 Minutes, Barnetson, D., Hex Five Security Inc.: San Jose, CA, USA, , 2019

15. TrustLiteA Security Architecture for Tiny Embedded Devices, Koeberl, P., Varadharajan, V., Schulz, S., Sadeghi, A. R., In Proceedings of the 9th European Conference on Computer Systems, New York, NY, USA, , 2014

16. Architectural support for copy and tamper resistant software, Dan Boneh, Chandramohan Thekkath, Patrick Lincoln, Mark Horowitz, John Mitchell and, David Lie, Mark Mitchell, SIGPLAN Not. 35, 11, 168–177, , 2000

17. The internet of things for health careA comprehensive survey, Hossain, M., Kwak, D., Kabir, M. H., Islam, S. R., Kwak, K. S., IEEE Access 3, 678–708, , 2015

18. Strengthening VM isolation with integrity protection and more, SEV-SNP, A. M. D., 53: 1450-1465, , 2020

19. 13 The RISC-V Instruction Set Manual Document Version 20240411, RISC-V Foundation, Volume I: User-Level ISA RISCV: New Haven, CN, USA, 2024, , 2024

20. Jenny Securing Syscalls for PKU-based Memory Isolation Systems, Mangard, S., Sadek, R., Weiser, S., Schrammel, D., In Proceedings of the 31st USENIX Security Symposium (USENIX Security 22); USENIX Association: Boston, MA, USA pp. 936–952, , 2022

21. Domain Keys–Efficient In-Process Isolation for RISC-V and x86, Steinegger, S., Schwarz, M., Gruss, D. Donky, Schwarzl, M., Mangard, S., Schrammel, D., Weiser, S., In Proceedings of the 29th USENIX Security Symposium (USENIX Security 20); USENIX Association: Boston, MA, USA, , 2020

22. Requirements of the Smart Factory SystemA Survey and Perspective, Salah, B., Mabkhot, M., Alkhalefah, H., Al-Ahmari, A., 6, 23, , 2018

23. SanctumMinimal hardware extensions for strong software isolation, LEBEDEV, Ilia, DEVADAS, Srinivas, COSTAN, Victor, In: 25th USENIX Security Symposium (USENIX Security 16) p. 857-874, , 2016

24. How often do single-statement bugs occur? the manysstubs4j dataset, KARAMPATSIS, Rafael-Michael; SUTTON, Charles, p. 573-577, , 2020

25. BASTION}A security enforcement network stack for container networks, NAM, Jaehyun, et al, In 2020 USENIX Annual Technical Conference (USENIX ATC 20) p. 81-95, , 2020

26. MondrixMemory Isolation for Linux Using Mondriaan Memory Protection, Witchel, E., Asanovi´c, K., Rhee, J., 39, 31–44, , 2005

27. Real-time thread isolation and trusted execution on embedded RISC-V, Raza, S., Midéus, G., Lindemer, S., In Proceedings of the International Workshop on Secure RISC-V Architecture Design Exploration (SECRISC-V), Virtual, , 2020

28. ERIMSecure Efficient In-process Isolation with Protection Keys (MPK), Duarte, N. O., Druschel, P., Sammler, M., Vahldiek-Oberwagner, A., Garg, D., Elnikety, E., In Proceedings of the 28th USENIX Security Symposium (USENIX Security 19); USENIX Association: Santa Clara, CA, USA, 2019; pp. 1221–1238., , 2019

29. Security and privacy in device-to-device (D2D) communicationA review, Tarkoma, S., Ding, A. Y., Haus, M., Waqas, M., Li, Y., Ott, J, 19, 1054–1079, , 2017

30. RIMIInstruction-level memory isolation for embedded systems on RISC-V, Lee, J., Kwon, D., Kim, H., Awaludin, A. M., Kim, H., Pratama, D., In Proceedings of the 39th International Conference on Computer-Aided Design, Virtual, 2 –5 pp. 1–9, , 2020

31. TIMBER-V Tag-Isolated Memory Bringing Fine-grained Enclaves to RISC-V, Mangard, S., Werner, M., Sadeghi, A. R., Malenko, M., Weiser, S., Brasser, F., In Proceedings of the NDSS, San Diego, CA, USA, 24–27, , 2019

32. Hardware Enforcement of Application Security Policies Using Tagged Memory, Kozyrakis, C., Kannan, H., Zeldovich, N., Dalton, M., In Proceedings of the OSDI, San Diego, CA, USA, 8–10 Volume 8; pp. 225–240, , 2008

33. KeystoneAn open framework for architecting trusted execution environments, LEE, Dayeol, et al, In Proceedings of the Fifteenth European Conference on Computer Systems p. 1-16, , 2020

34. SHARD}:{Fine-Grained} Kernel Specialization with {Context-Aware} Hardening, ABUBAKAR, Muhammad, et al, In 30th USENIX Security Symposium (USENIX Security 21) p. 2435-2452, , 2021

35. Recent Advances and Trends in On-Board Embedded and Networked Automotive Systems, S. Mubeen and, R. Mariani, L. L. Bello, S. Saponara, IEEE Transactions on Industrial Informatics, vol. 15, no. 2, pp. 1038-1051, , 2019

36. Securing Real-Time Microcontroller Systems through Customized Memory View Switching, Lee, B., Xu, D., Kim, C. H., Choi, H., Kim, T., Gu, Z., Zhang, X., In Proceedings of the NDSS, San Diego, CA, USA, 18–21, , 2018

37. 32 The RISC-V Instruction Set Manual Privileged Architecture Document Version 20240411, RISC-V Foundation, Volume 2 2024, , 2024

38. A survey of remote attestation in Internet of ThingsAttacks countermeasures and prospects, KUANG, Boyu, et al, 112: 102498, , 2022

39. A Review on Energy Consumption Optimization Techniques in IoT Based Smart Building Environments, Lajis, A., Nasir, H., Shah, A. S., Shah, A, Fayaz, M., 10, 108, , 2019

40. ARM® Memory Protection Unit (MPU) In Practical Microcontroller Engineering with ARM Technology, Bai, Y., John Wiley & Sons: Hoboken, NJ, USA pp. 951–974, , 2016

41. TRust}A Compilation Framework for In-process Isolation to Protect Safe Rust against Untrusted Code, BANG, Inyoung, et al, In 32nd USENIX Security Symposium (USENIX Security 23). 2023. p. 6947-6964, , 2023

42. Security threats and measures in the Internet of Things for smart city infrastructureA state of art, Arya, R., Sharma, R., Trans. Emerg. Telecommun. Technol e4571, , 2022

43. The role of artificial intelligence and machine learning in wireless networks securityPrinciple practice and challenges, Abbas, G., Tu, S., Abbas, Z. H., Waqas, M., Rehman, S. U., Halim, Z., 55, 5215–5261CrossRef, , 2022