Simultaneous Multithreading (SMT) architectures are attractive targets for attackers with side-channel expertise. SMT inherently offers a broader attack surface, exposing more microarchitecture components per physical core for fine-grain attacks. PortSmash (CVE-2018-5407) is a technique that abuses the execution units to exploit port contention, and creates a high-resolution timing side-channel capable of leaking confidential information. PortSmash affects both Intel and AMD architectures featuring SMT technology and due to its nature, it is capable of targetting shared libraries, static builds and even SGX enclaves.
The security needs increase a lot in our connected world. Beyond the perception the software can satisfy the security requirements, it’s obvious that the best solutions could only be a combination of hardware and software mechanisms. The huge activity around the RISC-V cores these last years is not only a buzz or for an unjustified reason. On the contrary, this ecosystem is more than only a new ISA: it is the ideal playground for applying the best practices in embedded security. We will see in this talk what the RISC-V foundation and its academic and industrial members propose for making RISC-V a synonym of security at the core, in the software and at the system level.