A cross-process Spectre attack via cache on RISC-V processor with trusted execution environment

Abstract

The trust execution environment (TEE) provides a safe region, also known as a secret enclave, for executing private programs that need protection. This work proposed a cross-process exploitation scheme for conducting the cache side-channel attack, Spectre, on RISC-V processors with a trust execution environment. Practical experiments are provided to verify the protected enclave’s security on RISC-V processors with the TEE. In these experiments, the attacker and victim do not share the same address space as in known implementations but are executed in separate processes. The experimental results show that initial leakage information from the cache memory can be recorded. To the best of our knowledge, no prior research has been conducted on the Spectre attack against RISC-V’s TEE. This implementation will be a critical component for extending further cache side-channel experiments on the security of RISC-V processors.