5th Workshop on RISC-V Activities - Program
At this web page you find the programme of the 5th Workshop on RISC-V Activities. You may expand the programme for each session by clicking on the session title. You will find the detailed timetable, presentation titles and author names. If additional information like an abstract, curriculum vitae or (for attendees of the 5th Workshop on RISC-V Activities only) slides is available, a link below the presentation title is displayed.
You may download all presentations as one single ZIP file (~8,5 MB). (Access for logged in event attendees only!)
Monday, November 7, 2022
09:00 - 10:10
Morning Keynotes
Moderator: Wolfgang Ecker (Infineon Technologies, D)
Hotel NH Collection Berlin Mitte, Friedrichstrasse 96, 10117 Berlin
| 09:00 | Welcome Wolfgang Ecker (Infineon Technologies, D) |
| 09:10 | Keynote: Spectres, Meltdowns, Zombies, Orcs: Can formal methods banish the ghosts that haunt your hardware? Wolfgang Kunz (Technical University of Kaiserslautern, D)  Bio: Since 2001 Wolfgang Kunz is a professor at the Department of Electrical & Computer Engineering at Technische Universität Kaiserslautern.
He conducts research in the area of System-on-Chip design and verification with a recent focus on formal security analysis of hardware. In this area he is currently collaborating with several industrial partners including Siemens EDA, Infineon, Intel, Minres and Hensoldt Cyber.
For his research in hardware security Wolfgang Kunz and his team have recently received the DAC-22 Best Paper Award and the Intel Hardware Security Academic Award 2022. Wolfgang Kunz is a Fellow of the IEEE and Member of Academia Europaea.Abstract: The discovery of security attacks in advanced processors, such as Spectre and Meltdown, has created new awareness for hardware security, both in professional circles and in the general public. At the same time, the open-source RISC-V instruction set architecture (ISA) has become a game changer to academic research as well as to the industrial landscape of embedded computing systems. On the other hand, leveraging open-source entities in commercial products poses new challenges and amplifies the demand for effective verification methods. In particular, new methods for ensuring the trustworthiness of cores and SoCs are badly needed. This talk addresses the challenge of formal security analysis in Systems-on-Chip. We discuss challenges related to microarchitectural side channels, such as Spectre and Meltdown, and design bugs violating security. We sketch a formal method called Unique Program Execution Checking (UPEC) to detect such vulnerabilities. UPEC does not require a-priori knowledge on possible attacks and detects HW vulnerabilities systematically without demanding the clever thinking of a human attacker. We present several cases studies and discuss lessons learned for open-source RISC-V systems including Rocketchip, BOOM and Pulpissimo. Slides (Access for event attendees only) |
| 09:40 | Keynote: On the Road to Ubiquity: Dispatches from the Front Lines of the RISC-V Software Ecosystem Philipp Tomsich (VRULL, AT)  Bio: Dr. Philipp Tomsich is the Chief Technologist and Founder of VRULL, an engineering consultancy focused on building, enabling, and optimizing the software ecosystems for next-generation silicon solutions.
Philipp brings broad experience and expertise in runtime systems (including Java VMs, compilers, operating systems kernels, and static code analysis), high-assurance applications, secure/trusted boot, and embedded hardware. His earlier contributions to open-source compilers have been centered on ARMv8 and, more recently, on RISC-V. He has worked on languages and compilers for multi-core systems for over twenty years and led multiple engineering projects for high-assurance government applications. He today manages engineering teams working on the GNU toolchains, LLVM, QEMU, Apache TVM, the Linux kernel, cryptographic libraries, and Embedded Rust.
Philipp today supports the RISC-V mission as the Chair of the Applications & Tools (formerly: “Software”) Horizontal Committee and as Elected Representative of the Strategic/Premier Membership Tier on the RISC-V International Board of Directors. In these roles, he oversees the software ecosystem outreach, standardization of Platforms, and the development of performance modeling, dynamic instrumentation, and analysis tools for RISC-V. His contributions to RISC-V have been recognized with the 2021 RISC-V Board of Directors Technical Leadership Award and the 2021 RISC Community Contributor Award.Abstract: RISC-V is not just based on open standards, but also offers a high degree of flexibility to adapt to specific use cases and products: integrators can add custom instructions and leave off unneeded parts of the instruction set. This provides a key differentiator over other established architectures and attracts integrators that can benefit from the resulting hardware acceleration or cost reduction potential. Until now, this flexibility has been viewed as a mixed blessing: adding or removing features was considered to fragment the software ecosystem and give rise to interoperability challenges. The RISC-V Software Ecosystem is today evolving to embrace this continuous innovation leading to differentiated products. This presentation provides an overview of the rapidly maturing software ecosystem for RISC-V, focusing on the enablement of recently ratified extensions, and gives an outlook on the next round of extensions being ratified. We introduce the various initiatives to establish a feature-rich software runtime, using the dynamic discovery of features, for application processors and contrast these with the ongoing efforts to provide a source-level compatibility framework for deeply embedded applications. Slides (Access for event attendees only) |
10:10 - 10:40
Break + Poster Session
Hotel NH Collection Berlin Mitte, Friedrichstrasse 96, 10117 Berlin
| 10:40 | Poster: Access Control in SoCs: Do We Need New Verification Strategies? Anna Lena Duque Anton (Technische Universität Kaiserslautern, D) Abstract: Modern SoCs are composed of many HW IPs and can execute numerous processes with different security requirements. In many systems, these security requirements are met by providing access control mechanisms, which can enable process isolation or deny an attacker access to critical resources. The RISC-V ISA, for example, provides different memory protection schemes (like PMP or page-based virtual-memory system). However, such core-internal access control implementations are not sufficient to establish system-wide security. We demonstrate in a case study on the RISC-V based SoC Pulpissimo that existing access control mechanisms do not prevent from confidentiality and integrity attacks. We further show that for finding such system attacks, individual verification of modules is not enough. The overall system with its HW/SW interface has to be taken into consideration. Poster (Access for event attendees only) |
| 10:40 | Poster: OPTI-RISK: Design of an Optical Probing Attack Hardened RISC-V Core with an Industrially Compatible CMOS Gate Library Sajjad Parvin (University of Bremen, D) Abstract: The increase in the popularity of RISC-V-based cores confirms the idea behind the free and open Instruction Set Architecture (ISA). In the same way interest in applications also spans from low-power, edge devices for IoT to high-performance multi-issue computers. There some applications have little criticality while others can be mission-critical. Optical Probing Attacks (OPA) can serve as a potential attack methodology to hijack the Intellectual Property (IP) of a chip. Several methods have been investigated to harden circuits against OPA. These methods usually are expensive, require a change in the fabrication process, and result in a performance drop compared to the CMOS standard gates, making the investigated methods not feasible for industrial use. Hence, we propose a logic gate library based on the standard CMOS logic gate which is industry standard to be hardened against OPA. Next, we propose a lightweight synthesis technique to synthesize to harden the circuit against OPA. With our method, the speed performance of the circuit is kept intact in reference to conventional CMOS-based designs. However, we see an increase in the power and area consumption which is acceptable for a secure design. |
| 10:40 | Poster: Formal Verification vs. Simulation: Detecting Bugs in RISC-V Access Control Mechanisms Johannes Müller (Technical University of Kaiserslautern, D)  Bio: Johannes Müller received his Dipl.-Ing. degree in Electrical and Computer Engineering from TU Kaiserslautern in 2018. He is currently a Ph.D. candidate at Electronic Design Automation group at the same university, working under supervision of Prof. Kunz and Prof. Stoffel. His research interests include formal security verification, access control in Systems-on-Chip and microarchitectural timing side channels.Abstract: Modern computing system operate in a vast world of mutually distrusting entities. Even within an individual system-on-chip some third-party hardware and software IPs may not be fully trusted. In such an ecosystem, the implementation of effective access control mechanisms and their functional correctness are paramount for security. While simulation-based verification techniques can establish good confidence in overall system correctness, they might miss corner cases. Such corner cases, however, allow attackers to breach system security. We present a case study about how formal security verification can provide security guarantees for a commercial RISC-V core. In our experiments, we pit a simulation-based regression test framework against a formal verification methodology to detect bugs in access control mechanisms. Our results show that the formal verification tool is able to detect and report corner cases that are not discovered by the test frame work and that constitute actual security vulnerabilities. Poster (Access for event attendees only) |
| 10:40 | Poster: Coyote: a performance modeling simulator for HPC architectures Alexander Fell (Barcelona Supercomputing Center, ES) Abstract: This poster presents the MareNostrum Experimental Exascale Platform (MEEP), an open-source platform enabling software and hardware co-design experimentation targeting the High-Performance Computing (HPC) ecosystem. MEEP might be seen as a software development vehicle for supporting SW developement, and a digital laboratory for pre-silicon validation of IP developments for supporting hardware development. In addition to that, MEEP includes a complete toolchain that covers all layers of the software stack, together with a set of IPs to facilitate future developments. An example of those IPs is the ACME accelerator that aims for improving sparse applications' performance, and a performance modeling simulator for traditional and emerging architectures, named Coyote. This poster shows the latest developments of Coyote. It is an execution-driven, discrete event simulator utilizing Spike, the golden RISC-V reference model, and Sparta, a framework for modeling and simulating hardware. The main focus in Coyote is on the memory subsystem as this represents the critical bottleneck, especially for sparse HPC workloads, allowing us to analyze data movement and potential for optimizations minutely. Generated traces are compatible with the visualization tool Paraver allowing a straightforward option to identify bottlenecks. Poster (Access for event attendees only) |
| 10:40 | Poster: A DSL based approach for supporting custom RISC-V instruction extensions in LLVM Jan Schlamelcher (Deutsches Zentrum für Luft- und Raumfahrt, D)  Bio: Jan Schlamelcher is a researcher at the German Areospace Center (DLR) Institute of Systems Engineering for Future Mobility and at OFFIS e.V. - Institute for Information Technology. He was graduated from the University of Oldenburg where he received his M.Sc. in computer science. His research interests include compiler construction, language design and international standards for medical device interoperability. Currently, his work for DLR is part of the Scale4Edge project where he is developing a process to automate the compiler backend generation for application specific instruction set processors using a machine readable description of custom RISCV instructions.Abstract: The RISC-V ISA allows the definition of custom instruction extensions to support application specific hardware acceleration and optimization. The main challenge with instruction extensions is the time-consuming process of consistently integrating them within the processor design and the compiler support, and of provisioning a testing and evaluation framework for the software developer. Our work proposes an automatable customization of an LLVM compiler based on a DSL (Domain Specific Language) driven approach, which can already be used for the definition of the instruction extension, its integration into the RISC-V ISA, and the automatic synthesis of the processor core and an instruction set simulator. We demonstrate the whole generation flow on the example of a customized MAC instruction as a simple example and discuss the identified challenges. |
| 10:40 | Poster: Timing instructions for RISC-V based hard real time edge devices Nithin Ravani Nanjundaswamy (Deutsches Zentrum für Luft- und Raumfahrt, D)  Bio: Nithin Ravani Nanjundaswamy is working as a Research Associate at German Aerospace Center (DLR - Deutsches Zentrum für Luft- und Raumfahrt).
He pursued his Master's degree in embedded systems from TU Chemnitz, Germany and worked parallelly as a work student at IAV GmbH, where he deepened his skills on FPGA programming and gained insights in automotive powertrain sensors. Prior to his studies in Germany, he received his Bachelor's degree from SJB Institute of Technology and worked as a software engineer for Accenture software solutions at Bangalore, India.
Currently, at DLR, for the last one year he is part of the Scale4Edge project working on RISC-V timing instructions. His main interest and expertise lie in the area of hardware development with FPGA programming.Abstract: For real-time systems, the temporal behavior of software is as important as its logical behavior. Ensuring correct temporal behavior at runtime becomes challenging as the complexity of the system increases. A main reason for this is that measurement and control of timing spans all abstraction layers in computing, including programming languages, memory hierarchy, pipelining techniques, bus architectures, memory management and task scheduling. The majority of software solutions to temporal requirements rely on programmable timers/interrupts which adds additional overhead to the system. RISC-V provides an open and extendable ISA (Instruction Set Architecture) enabling a new era of innovation in processor customization and performance and power optimization. This work presents a new RISC-V ISA extension to obtain high-precision cycle-accurate temporal behavior of real-time systems with low overhead. The work proposes a programming model supported by a new custom instruction that measures and controls the execution time of real-time software. The proposed custom instruction-based timing extension is evaluated against a pure software solution with a traditional timer/interrupt solution with respect to the resulting instruction density vs. hardware area overhead. Poster (Access for event attendees only) |
10:40 - 11:25
Session: Tailoring RISC-V Cores
Moderator: Stefan Wallentowitz (Hochschule München, D)
Hotel NH Collection Berlin Mitte, Friedrichstrasse 96, 10117 Berlin
| 10:40 | Timing instructions for RISC-V based hard real time edge devices Nithin Ravani Nanjundaswamy (Deutsches Zentrum für Luft- und Raumfahrt, D) Bio: Nithin Ravani Nanjundaswamy is working as a Research Associate at German Aerospace Center (DLR - Deutsches Zentrum für Luft- und Raumfahrt).
He pursued his Master's degree in embedded systems from TU Chemnitz, Germany and worked parallelly as a work student at IAV GmbH, where he deepened his skills on FPGA programming and gained insights in automotive powertrain sensors. Prior to his studies in Germany, he received his Bachelor's degree from SJB Institute of Technology and worked as a software engineer for Accenture software solutions at Bangalore, India.
Currently, at DLR, for the last one year he is part of the Scale4Edge project working on RISC-V timing instructions. His main interest and expertise lie in the area of hardware development with FPGA programming.Abstract: For real-time systems, the temporal behavior of software is as important as its logical behavior. Ensuring correct temporal behavior at runtime becomes challenging as the complexity of the system increases. A main reason for this is that measurement and control of timing spans all abstraction layers in computing, including programming languages, memory hierarchy, pipelining techniques, bus architectures, memory management and task scheduling. The majority of software solutions to temporal requirements rely on programmable timers/interrupts which adds additional overhead to the system. RISC-V provides an open and extendable ISA (Instruction Set Architecture) enabling a new era of innovation in processor customization and performance and power optimization. This work presents a new RISC-V ISA extension to obtain high-precision cycle-accurate temporal behavior of real-time systems with low overhead. The work proposes a programming model supported by a new custom instruction that measures and controls the execution time of real-time software. The proposed custom instruction-based timing extension is evaluated against a pure software solution with a traditional timer/interrupt solution with respect to the resulting instruction density vs. hardware area overhead. Slides (Access for event attendees only) |
| 10:55 | VRP: VaRiable and extended Precision RISC-V Accelerator for HPC scientific applications César Fuguet (CEA-LIST, F) Bio: PhD. César Fuguet joined CEA, Grenoble, France, in 2015. He is a researcher in the Laboratory of Systems-on-Chip and Advanced Technologies (LSTA) of the CEA List institute. He contributes to the High Performance Computing (HPC) team and currently leads the team in charge of the Variable Precision accelerator for the European Processor Initiative (EPI) project. His research topics include multi/many-core architectures, cache memory hierarchy, cache coherency and integration of heterogeneous accelerators for the HPC domain. Abstract: This work presents the VaRiable and extended Precision (VRP) RISC-V Accelerator for HPC scientific applications. Specifically, the VRP targets applications using iterative, Krylov-subspace, linear algebra solvers for very-large problems (around 100K-1000K variables). Such solvers suffer from important instability due to rounding errors. The usage of extended and variable precision (more than 64 bits of significand) allows these solvers to converge efficiently within reasonable time and memory footprint. The VRP is an extended version of the RISC-V CVA6 core (formerly Ariane) from the OpenHW group. We extended the core with a custom RISC-V ISA extension for supporting extended and variable precision floating-point (VPFLOAT) arithmetic and memory operations. It implements dedicated floating-point unit (FPU) with hardware support for VPFLOAT with up to 512 bits of significand; dedicated 32 work registers; and dedicated control/status registers (CSRs). Moreover, it implements micro-architectural improvements like register renaming for performance. Target applications are usually memory bound. Therefore, we implemented for this accelerator a new high-performance, RISC-V compatible, L1 data cache with multiple high-bandwidth ports for the core and tightly coupled accelerators. This L1 data cache replaces the original CVA6’s one. In the framework of the EuroHPC European Processor Initiative (EPI) project, we taped-out one silicon implementation on Global Foundries GF22FDX technology. Two more silicon implementations are coming: one re-spin with multiple improvements on GF22FDX and a multi-core implementation on TSMC 7nm technology. Slides (Access for event attendees only) |
| 11:10 | The TetRISC SoC for safety critical applications Markus Ulbricht (IHP, D)  Bio: Dr Markus Ulbricht received his doctorate degree from Brandenburg University Cottbus-Senftenberg in 2014 on the topic of reliable hardware software systems. In the following two years, he collected thorough experience as a test engineer at Intel Communications GmbH in Munich. To have a stronger focus on his scientific career, he transferred to IHP in 2016, where his first projects involved backend HDL design and the design and implementation of a fault-tolerant radar platform for distance measurements for automated driving. As of 2020, he is leading the fault tolerant computing group with a strong focus on sensory platforms and open source hardware as well as reliable computing and neuromorphic processing systems.Abstract: To further promote the advancement of RISC-V-processors into the safety-critical domain, we focus our investigations on reliability and resiliency. In this context, one of our research projects is to develop a highly reliable Pulpissimo-based multiprocessor platform with adaptable and anticipatory fault tolerance mechanisms. To achieve this, we extended the Pulpissimo-Platform by three additional RI5CY cores and connected them to a shared memory system. Due to the integration of a novel form of shadow registers, the cores can either run independent or interrupt their operation to execute another cores task in a lockstep fashion. As a further extension, the complementary HiRel Framework Controller acts as a configurable in- and output multiplexer and voter for the cores. Based on the harshness of the environment extracted from radiation, temperature and ageing sensors, the system is able to switch between high performance, destress and different NMR modes. Slides (Access for event attendees only) |
11:25 - 12:10
Session: Powering Machine Learning with RISC-V
Moderator: Daniel Müller-Gritschneder (Technical University of Munich, D)
Hotel NH Collection Berlin Mitte, Friedrichstrasse 96, 10117 Berlin
| 11:25 | Early Performance Estimation of Embedded Software on RISC-V Processors using ML Algorithms Weiyan Zhang (German Research Center for Artificial Intelligence (DFKI), D)  Bio: Weiyan Zhang is a researcher at the department of Cyber-Physical Systems (CPS) at the German Research Center for Artificial Intelligence (DFKI). She received the M.Sc. degree in electrical engineering and information technology from the University of Bremen in Germany. Currently, her research interest includes RISC-V, embedded systems and machine learning.Abstract: This presentation introduces a novel Machine Learning (ML)-based approach that allows fast and accurate performance estimation of embedded software for RISC-V processors in the early design phases. The proposed approach takes advantage of the dynamic analysis technique and analytical models and does not require any microarchitecture-related parameters such as cache misses, cache hits, and memory-level parallelism. It is evaluated against a real-world cycle-accurate RISC-V Virtual Prototype (VP) in terms of speed and accuracy. Our experiments on various benchmarks demonstrate that the proposed approach achieves a speed-up of 4.41× compared to a RISC-V VP at the Electronic System Level (ESL), while the estimation results have only a Mean Absolute Percentage Error (MAPE) of 2%. Slides (Access for event attendees only) |
| 11:40 | The AIRISC RISC-V Core for embedded AI in Medical Applications Ingo Hoyer (Fraunhofer Institut für Mikroelektronische Schaltungen und Systeme, D)  Bio: Ingo Hoyer received the B. Sc. degree in electrical engineering and information technology from the Technical University Darmstadt, Germany, in 2021 as well as the M.Sc. degree in 2022 respectively. Currently he is pursuing a Dr.-Ing. (Ph.D.) degree at Fraunhofer IMS in Duisburg.Abstract: Fraunhofer IMS develops the AIRISC family of RISC-V cores for embedded applications with a special focus on embedded AI supported by a set of specialized hardware accelerators. The AIRISC Cores also include features for functional safety and security in a highly modular and configurable fashion. The application of the AIRISC will be demonstrated on the basis of a current research project in the medical field where it serves as an embedded microcontroller for the detection of atrial fibrillation from ECG data in a smart patch. The implementation of the underlying artificial neural network (ANN) and its optimization towards energy efficiency in the targeted application will be described as well as the hardware accelerator design and their integration into the RISC-V core. Results will be given with respect to analysis accuracy and energy consumption. Also, other deployment fields for this kind of embedded AI processing unit will be discussed. Slides (Access for event attendees only) |
| 11:55 | RISC-V for Low Power Neural Network Accelerators Alexandru Drimbarean (FOTONATION, IE) Bio: Alexandru Drimbarean is a Machine Learning Fellow at XPERI Ireland focusing on developing cutting-edge machine learning and neural networks algorithms together with advanced software tools and efficient hardware architectures that enable consumer devices to understand their surroundings and to deliver personalized, immersive experiences. Alexandru received his B.Sc. in Electronic Engineering in Brasov Romania followed by an M.Sc. in Electronic Science at N.U.I Galway, Ireland. His interests include machine learning, neural networks as well as computer vision and neuromorphic processing. Alexandru has authored several journal articles and more than 100 patents. Abstract: Supporting an ever increasing number of neural networks architectures is a key prerequisite for ML hardware accelerators. This requires both speed and flexibility. This presentation will provide design details of our scalable neural network engine capable of performing low power inference for edge applications and our developments to enhance it by using RISC-V processors. We will then discuss the benefits of using RISC-V CPU as well as potential challenges. Finally we will put forward some possible RISC-V CPU core enhancements to further improve its appeal for edge ML applications. Slides (Access for event attendees only) |
12:10 - 13:10
Lunch-Break
Hotel NH Collection Berlin Mitte, Friedrichstrasse 96, 10117 Berlin
13:10 - 13:50
Afternoon Keynotes
Moderator: Oliver Bringmann (Eberhard Karls Universität Tübingen, D)
Hotel NH Collection Berlin Mitte, Friedrichstrasse 96, 10117 Berlin
| 13:10 | BMBF Greeting Roland Krüppel (Federal Ministry of Education and Research, D) |
| 13:20 | Keynote: RISC-V for the Secure and Intelligent Edge Christian Herber (NXP Semiconductors, D)  Bio: Christian Herber the European Principal RISC-V Architect at NXP. Based in Hamburg, his work focuses on innovation management and technical roadmaps for RISC-V processors in Europe.
He has a background in automotive processing, networking, and software.
He holds a PhD in Electrical Engineering and an M.Sc. in Electrical Engineering and Information Technology, all from Technical University of Munich.Abstract: Edge computing is projected to be the main growth driver of semiconductors in the coming decade. With more than 75+ billion edge devices by 2030, there is a huge demand for secure, intelligent, and ultra-low power compute. RISC-V with its open instruction set architecture and extendibility is in a good position to play a big role in the increase of edge nodes. What does it take for RISC-V to be to edge computing what x86 has been for PCs and servers and ARM has been for smartphones? This presentation showcases some highlights of research and innovation topics at NXP, geared to get RISC-V ready to be the CPU of choice for low-power intelligent edge nodes. Slides (Access for event attendees only) |
13:50 - 14:35
Session: Security in Open Source Hardware and Ecosystems
Moderator: Wolfgang Müller (University of Paderborn, D)
Hotel NH Collection Berlin Mitte, Friedrichstrasse 96, 10117 Berlin
| 13:50 | VE-HEP: Trustworthy Open-Source Hardware Christoph Lüth (DFKI, D) Bio: Christoph Lüth is vice director of the Cyber-Physical Systems group at the German Research Centre for Artificial Intelligence (Deutsches Forschungszentrum für Künstliche Intelligenz, DFKI) in Bremen, and professor for computer science at the University of Bremen. He holds a PhD from the University of Edinburgh, and a Habilitation from the University of Bremen. He has authored or co-authored over eighty peer-reviewed papers, and was the principal investigator in several research projects in the area of formal methods. His research covers the whole area of the development of systems of high quality, from theoretical foundations to the development of tools to construct or verify systems, and applications in practical areas such as robotics. Abstract: Open source hardware is seen as a way to create diversity in semiconductor supply chains, thus strengthening Europe's digital sovereignty. Out of this motivation the VE-HEP project aims to push the boundaries for open source hardware. As a case study, a secure and open hardware security module (HSM) based on RISC-V for automotive applications will be developed completely with open source tools, from modelling in a modern hardware description language (SpinalHDL) right down to tapeout in the project partner IHP's fab. In addition, correctness of the RISC-V core and the cryptographic components is ensured by consistent application of formal method tools and semiautomatic hardening against side-channel attacks, using open source tools as well. The project will thus demonstrate in a relevant application example how much is technically possible in open source hardware development. Our presentation will further elaborate the project goals and how we want to achieve them, the tools we are using, the problems we have encountered, and the state of progress towards these goals halfway through the project. |
| 14:05 | Reverse Engineering: Improving and Endangering Security in RISC-V Alexander Hepp (Technical University of Munich, D) Bio: Alexander Hepp received M.S in electrical and computer engineering from Technical University of Munich in 2019. Currently, he is a doctoral candidate at the Chair of Security in Information Technology at the Technical University of Munich. His research focuses on hardware design and reverse engineering for secure and Trojan-free open-source systems. Abstract: As an open-source Instruction Set Architecture (ISA), RISC-V enables designers to implement and customize their own processors. Unfortunately, the open hardware also simplifies malicious tampering. In this talk, we inspect how open-source ISAs and processors enable improved, as well as diminished security. Detailed insights into the inner workings of hardware designs allow (reverse-engineering-based) inspection for vulnerabilites such as hardware trojans. But at the same time, the deep understanding also allows to compose attacks more easily. We will present reverse engineering methods and threat analysis techniques and inspect a RISC-V IP attack. We conclude that open hardware includes new opportunities and threats that need to be investigated further. Slides (Access for event attendees only) |
| 14:20 | Building innovation with RISC-V at TUM Venture Labs Stefan Wallentowitz (Hochschule München, D) Bio: Stefan Walentowitz is Professor of Computer Architecture at Munich University of Applied Sciences. There, he teaches and conducts research on secure embedded systems. He has been involved in open source silicon and open computer architectures for over ten years. He is a member of the RISC-V Board of Directors and director of the Free and Open Source Silicon Foundation. Abstract: TUM Venture Labs is the deep tech innovation centre helping scientists and students venture into new technology innovation. A "Quantum and Electronics" lab curently builds an ecosystem for RISC-V centric startup. This presentation gives a brief overview of the activities and the roadmap. |
14:35 - 15:05
Break + Poster Session
Hotel NH Collection Berlin Mitte, Friedrichstrasse 96, 10117 Berlin
| 10:40 | Poster: Access Control in SoCs: Do We Need New Verification Strategies? Anna Lena Duque Anton (Technische Universität Kaiserslautern, D) Abstract: Modern SoCs are composed of many HW IPs and can execute numerous processes with different security requirements. In many systems, these security requirements are met by providing access control mechanisms, which can enable process isolation or deny an attacker access to critical resources. The RISC-V ISA, for example, provides different memory protection schemes (like PMP or page-based virtual-memory system). However, such core-internal access control implementations are not sufficient to establish system-wide security. We demonstrate in a case study on the RISC-V based SoC Pulpissimo that existing access control mechanisms do not prevent from confidentiality and integrity attacks. We further show that for finding such system attacks, individual verification of modules is not enough. The overall system with its HW/SW interface has to be taken into consideration. Poster (Access for event attendees only) |
| 10:40 | Poster: OPTI-RISK: Design of an Optical Probing Attack Hardened RISC-V Core with an Industrially Compatible CMOS Gate Library Sajjad Parvin (University of Bremen, D) Abstract: The increase in the popularity of RISC-V-based cores confirms the idea behind the free and open Instruction Set Architecture (ISA). In the same way interest in applications also spans from low-power, edge devices for IoT to high-performance multi-issue computers. There some applications have little criticality while others can be mission-critical. Optical Probing Attacks (OPA) can serve as a potential attack methodology to hijack the Intellectual Property (IP) of a chip. Several methods have been investigated to harden circuits against OPA. These methods usually are expensive, require a change in the fabrication process, and result in a performance drop compared to the CMOS standard gates, making the investigated methods not feasible for industrial use. Hence, we propose a logic gate library based on the standard CMOS logic gate which is industry standard to be hardened against OPA. Next, we propose a lightweight synthesis technique to synthesize to harden the circuit against OPA. With our method, the speed performance of the circuit is kept intact in reference to conventional CMOS-based designs. However, we see an increase in the power and area consumption which is acceptable for a secure design. |
| 10:40 | Poster: Formal Verification vs. Simulation: Detecting Bugs in RISC-V Access Control Mechanisms Johannes Müller (Technical University of Kaiserslautern, D) Bio: Johannes Müller received his Dipl.-Ing. degree in Electrical and Computer Engineering from TU Kaiserslautern in 2018. He is currently a Ph.D. candidate at Electronic Design Automation group at the same university, working under supervision of Prof. Kunz and Prof. Stoffel. His research interests include formal security verification, access control in Systems-on-Chip and microarchitectural timing side channels.Abstract: Modern computing system operate in a vast world of mutually distrusting entities. Even within an individual system-on-chip some third-party hardware and software IPs may not be fully trusted. In such an ecosystem, the implementation of effective access control mechanisms and their functional correctness are paramount for security. While simulation-based verification techniques can establish good confidence in overall system correctness, they might miss corner cases. Such corner cases, however, allow attackers to breach system security. We present a case study about how formal security verification can provide security guarantees for a commercial RISC-V core. In our experiments, we pit a simulation-based regression test framework against a formal verification methodology to detect bugs in access control mechanisms. Our results show that the formal verification tool is able to detect and report corner cases that are not discovered by the test frame work and that constitute actual security vulnerabilities. Poster (Access for event attendees only) |
| 10:40 | Poster: Coyote: a performance modeling simulator for HPC architectures Alexander Fell (Barcelona Supercomputing Center, ES) Abstract: This poster presents the MareNostrum Experimental Exascale Platform (MEEP), an open-source platform enabling software and hardware co-design experimentation targeting the High-Performance Computing (HPC) ecosystem. MEEP might be seen as a software development vehicle for supporting SW developement, and a digital laboratory for pre-silicon validation of IP developments for supporting hardware development. In addition to that, MEEP includes a complete toolchain that covers all layers of the software stack, together with a set of IPs to facilitate future developments. An example of those IPs is the ACME accelerator that aims for improving sparse applications' performance, and a performance modeling simulator for traditional and emerging architectures, named Coyote. This poster shows the latest developments of Coyote. It is an execution-driven, discrete event simulator utilizing Spike, the golden RISC-V reference model, and Sparta, a framework for modeling and simulating hardware. The main focus in Coyote is on the memory subsystem as this represents the critical bottleneck, especially for sparse HPC workloads, allowing us to analyze data movement and potential for optimizations minutely. Generated traces are compatible with the visualization tool Paraver allowing a straightforward option to identify bottlenecks. Poster (Access for event attendees only) |
| 10:40 | Poster: A DSL based approach for supporting custom RISC-V instruction extensions in LLVM Jan Schlamelcher (Deutsches Zentrum für Luft- und Raumfahrt, D) Bio: Jan Schlamelcher is a researcher at the German Areospace Center (DLR) Institute of Systems Engineering for Future Mobility and at OFFIS e.V. - Institute for Information Technology. He was graduated from the University of Oldenburg where he received his M.Sc. in computer science. His research interests include compiler construction, language design and international standards for medical device interoperability. Currently, his work for DLR is part of the Scale4Edge project where he is developing a process to automate the compiler backend generation for application specific instruction set processors using a machine readable description of custom RISCV instructions.Abstract: The RISC-V ISA allows the definition of custom instruction extensions to support application specific hardware acceleration and optimization. The main challenge with instruction extensions is the time-consuming process of consistently integrating them within the processor design and the compiler support, and of provisioning a testing and evaluation framework for the software developer. Our work proposes an automatable customization of an LLVM compiler based on a DSL (Domain Specific Language) driven approach, which can already be used for the definition of the instruction extension, its integration into the RISC-V ISA, and the automatic synthesis of the processor core and an instruction set simulator. We demonstrate the whole generation flow on the example of a customized MAC instruction as a simple example and discuss the identified challenges. |
| 10:40 | Poster: Timing instructions for RISC-V based hard real time edge devices Nithin Ravani Nanjundaswamy (Deutsches Zentrum für Luft- und Raumfahrt, D) Bio: Nithin Ravani Nanjundaswamy is working as a Research Associate at German Aerospace Center (DLR - Deutsches Zentrum für Luft- und Raumfahrt).
He pursued his Master's degree in embedded systems from TU Chemnitz, Germany and worked parallelly as a work student at IAV GmbH, where he deepened his skills on FPGA programming and gained insights in automotive powertrain sensors. Prior to his studies in Germany, he received his Bachelor's degree from SJB Institute of Technology and worked as a software engineer for Accenture software solutions at Bangalore, India.
Currently, at DLR, for the last one year he is part of the Scale4Edge project working on RISC-V timing instructions. His main interest and expertise lie in the area of hardware development with FPGA programming.Abstract: For real-time systems, the temporal behavior of software is as important as its logical behavior. Ensuring correct temporal behavior at runtime becomes challenging as the complexity of the system increases. A main reason for this is that measurement and control of timing spans all abstraction layers in computing, including programming languages, memory hierarchy, pipelining techniques, bus architectures, memory management and task scheduling. The majority of software solutions to temporal requirements rely on programmable timers/interrupts which adds additional overhead to the system. RISC-V provides an open and extendable ISA (Instruction Set Architecture) enabling a new era of innovation in processor customization and performance and power optimization. This work presents a new RISC-V ISA extension to obtain high-precision cycle-accurate temporal behavior of real-time systems with low overhead. The work proposes a programming model supported by a new custom instruction that measures and controls the execution time of real-time software. The proposed custom instruction-based timing extension is evaluated against a pure software solution with a traditional timer/interrupt solution with respect to the resulting instruction density vs. hardware area overhead. Poster (Access for event attendees only) |
15:05 - 15:50
Session: Verification and Tools for Custom RISC-V Extensions
Moderator: Andreas Mauderer (Bosch, D)
Hotel NH Collection Berlin Mitte, Friedrichstrasse 96, 10117 Berlin
| 15:05 | A DSL based approach for supporting custom RISC-V instruction extensions in LLVM Jan Schlamelcher (Deutsches Zentrum für Luft- und Raumfahrt, D) Bio: Jan Schlamelcher is a researcher at the German Areospace Center (DLR) Institute of Systems Engineering for Future Mobility and at OFFIS e.V. - Institute for Information Technology. He was graduated from the University of Oldenburg where he received his M.Sc. in computer science. His research interests include compiler construction, language design and international standards for medical device interoperability. Currently, his work for DLR is part of the Scale4Edge project where he is developing a process to automate the compiler backend generation for application specific instruction set processors using a machine readable description of custom RISCV instructions.Abstract: The RISC-V ISA allows the definition of custom instruction extensions to support application specific hardware acceleration and optimization. The main challenge with instruction extensions is the time-consuming process of consistently integrating them within the processor design and the compiler support, and of provisioning a testing and evaluation framework for the software developer. Our work proposes an automatable customization of an LLVM compiler based on a DSL (Domain Specific Language) driven approach, which can already be used for the definition of the instruction extension, its integration into the RISC-V ISA, and the automatic synthesis of the processor core and an instruction set simulator. We demonstrate the whole generation flow on the example of a customized MAC instruction as a simple example and discuss the identified challenges. Slides (Access for event attendees only) |
| 15:20 | Automated RISC-V Verification For Cores Including Custom Extensions Sven Beyer (Siemens Electronic Design Automation, D)  Bio: Sven Beyer is the Program Manager for Formal Processor Verification at Siemens EDA (Siemens Digital Industries Software). Sven has close to twenty years of experience in formal verification, with a specific focus on industrial processor verification. He has been with OneSpin Solutions since 2005, filling various roles involving methodology, application, and product management. He has been instrumental to the development of many formal verification IPs and apps and holds several patents, including one for processor verification.
Sven has led numerous formal processor verification projects, such as the work on Infineon's TriCore processor. His most recent work involves the automation of the verification of RISC-V based architectures. Sven holds a Dr.-Ing. (equivalent to a PhD) in computer science from Saarland University, Germany, where his PhD thesis was focused on the formal verification of an out-of-order processor core.Abstract: RISC-V is gaining immense traction in the embedded space, with more and more application cores also becoming available. The broad range of available cores coupled with the ability to include custom extensions opens unprecedented innovation opportunities in the SoC domain. However, verification of those highly parameterized core instances, including their custom extensions, remains a time consuming challenge. We present an automated, customer proven flow from ISA level specifications of custom extensions to their exhaustive formal verification and demonstrate results on popular open source cores. Slides (Access for event attendees only) |
| 15:35 | Formal Verification vs. Simulation: Detecting Bugs in RISC-V Access Control Mechanisms Johannes Müller (Technical University of Kaiserslautern, D) Bio: Johannes Müller received his Dipl.-Ing. degree in Electrical and Computer Engineering from TU Kaiserslautern in 2018. He is currently a Ph.D. candidate at Electronic Design Automation group at the same university, working under supervision of Prof. Kunz and Prof. Stoffel. His research interests include formal security verification, access control in Systems-on-Chip and microarchitectural timing side channels.Abstract: Modern computing system operate in a vast world of mutually distrusting entities. Even within an individual system-on-chip some third-party hardware and software IPs may not be fully trusted. In such an ecosystem, the implementation of effective access control mechanisms and their functional correctness are paramount for security. While simulation-based verification techniques can establish good confidence in overall system correctness, they might miss corner cases. Such corner cases, however, allow attackers to breach system security. We present a case study about how formal security verification can provide security guarantees for a commercial RISC-V core. In our experiments, we pit a simulation-based regression test framework against a formal verification methodology to detect bugs in access control mechanisms. Our results show that the formal verification tool is able to detect and report corner cases that are not discovered by the test frame work and that constitute actual security vulnerabilities. Slides (Access for event attendees only) |
15:50 - 17:00
Panel: Opportunities and Challenges for Germany in the RISC-V Environment
Moderator: Stefan Wallentowitz (Hochschule München, D)
Hotel NH Collection Berlin Mitte, Friedrichstrasse 96, 10117 Berlin
| 15:50 | Panel: Opportunities and Challenges for Germany in the RISC-V Environment Stefan Wallentowitz (Hochschule München, D) Wolfgang Ecker (Infineon Technologies, D) Eyck Jentzsch (MINRES Technologies, D) Philipp Tomsich (VRULL, AT) |
| 16:50 | Wrap-Up Stefan Wallentowitz (Hochschule München, D) |
18:30 - 23:00
Anniversary event for the twentieth anniversary of edacentrum e.V.
Käfer Restaurant, Reichstag Building
Tuesday, November 8, 2022
08:30 - 13:30
edaForum22
Hotel NH Collection Berlin Mitte, Friedrichstrasse 96, 10117 Berlin
The full program of the "edaForum22" can be found here: https://www.edacentrum.de/veranstaltungen/edaforum/2022/programm
