With a similar threat model, conventional software mechanisms aimed at various levels of security can be categorized as intra-address space protection (IASP) including memory safety, control-flow integrity, syscall filtering, and isolation. When enhancing security, software-only IASP methods result in an expanded trusted computing base (TCB) and can lead to performance slowdowns, making it challenging to strike a balance between security and performance. Recent studies indicate that hardware-assisted methods enhance efficiency by encapsulating hardware primitives and utilizing specialized microarchitecture designs. They also enhance security by reducing the trusted computing base’s attack surface. However, there has been limited discussion regarding the key challenges in current hardware-assisted IASP studies. This paper conducts a comprehensive survey of hardware-assisted IASP and discusses critical design issues, such as metadata management strategies, protection comprehensiveness, protection granularity, and processor complexity. Through a qualitative analysis of existing methods, this paper summarizes the research trends in hardware-assisted IASP technologies and emphasizes the importance of isolation models, access control strategies, and cross-compartment switching in future hardware-assisted IASP designs.
- Article type
- Year
- Co-author
Agile hardware development methodology has been widely adopted over the past decade. Despite the research progress, the industry still doubts its applicability, especially for the functional verification of complicated processor chips. Functional verification commonly employs a simulation-based method of co-simulating the design under test with a reference model and checking the consistency of their outcomes given the same input stimuli. We observe limited collaboration and information exchange through the design and verification processes, dramatically leading to inefficiencies when applying the conventional functional verification workflow to agile development. In this paper, we propose workflow integration with collaborative task delegation and dynamic information exchange as the design principles to effectively address the challenges on functional verification under the agile development model. Based on workflow integration, we enhance the functional verification workflows with a series of novel methodologies and toolchains. The diff-rule based agile verification methodology (DRAV) reduces the overhead of building reference models with runtime execution information from designs under test. We present the RISC-V implementation for DRAV, DiffTest, which adopts information probes to extract internal design behaviors for co-simulation and debugging. It further integrates two plugins, namely XFUZZ for effective test generation guided by design coverage metrics and LightSSS for efficient fault analysis triggered by co-simulation mismatches. We present the integrated workflows for agile hardware development and demonstrate their effectiveness in designing and verifying RISC-V processors with 33 functional bugs found in NutShell. We also illustrate the efficiency of the proposed toolchains with a case study on a functional bug in the L2 cache of XiangShan.
京公网安备11010802044758号