RISC-V Foundation debuts Security Standing Committee in bid to boost security in the Internet of Things segment

The RISC-V Foundation, a non-profit corporation controlled by its members to drive forward the adoption and implementation of the free and open RISC-V instruction set architecture (ISA), announced on Monday formation of the Security Standing Committee to link up industry leaders to share findings, develop consensus around best security practices and identify potential security improvements for RISC-V based Internet of Things (IoT) devices, embedded systems, and machine learning implementations.

The Committee includes 25 RISC-V Foundation members, including Berkeley Architecture Group, Bluespec, CSIRO’s Data61, Dover, Draper, Esperanto Technologies, Indian Institute of Technology (IIT) Madras, Intrinsic ID, Galois, Hex Five Security, Microsemi, Micron Technology, NXP, Rambus, SecureRF Corporation, SiFive and Western Digital.

Participants of the Committee will develop consensus around best security practices for IoT devices, embedded systems, and other key areas of computing, and will collaborate with the RISC-V Foundation’s other committees and tasks groups to tackle specific areas to improve the security of the RISC-V ISA.

The Security Standing Committee will also work to promote RISC-V as an ideal vehicle for innovation for the security community. Unlike closed processor architectures the free and open RISC-V ISA enables anyone to inspect and analyze the architecture to assess the security of the ISA. In addition to the security advantages of its open approach, the simplicity of the RISC-V ISA provides a smaller attack surface which helps to minimize vulnerabilities.

Numerous RISC-V member organizations have already introduced security solutions such as Dover Microsystems CoreGuard and SecureRF WalnutDSA. The Security Standing Committee, chaired by Rambus, has already contributed a draft specification for cryptographic extensions to the RISC-V ISA and a proposed approach to trusted execution environments for embedded RISC-V devices.

In addition, the ongoing collaborative work in other technical working groups on specifications for the RISC-V privileged architecture, vector extensions and instruction set compliance demonstrates the high degree of industry interest and cooperation in security.

“As the number of connected devices grows exponentially and new security vulnerabilities like Meltdown and Spectre emerge, it’s become increasingly important to develop more robust security approaches. The RISC-V community has the historic opportunity to leverage a new platform for security innovation, leveraging the latest knowledge and contributions from leading industry and academic experts that comprise the expansive RISC-V ecosystem,” said Rick O’Connor, executive director of the non-profit RISC-V Foundation. “The RISC-V Foundation’s Security Standing Committee is a declaration and call to action for industry leaders, universities and government organizations to join the Foundation and work with us to build a more secure world for the benefit of everyone.”

“Security is one of the fundamental issues in our connected world. The RISC-V community is committed to pushing the industry forward through innovative approaches and new thinking to address existing and emerging threats,” said Dr. Helena Handschuh, Chair of the RISC-V Foundation Security Standing Committee and Fellow at Rambus. “Through open standard collaboration, the Security Standing Committee is fostering the growth of the RISC-V ISA to ensure it meets and exceeds the dynamic security demands of this new era of innovation.”

To further the development of even stronger security measures for RISC-V, the Security Standing Committee has split the existing security task group into two separate task groups: Trusted Execution Environment for Microcontroller-Class Processors and Cryptography Extensions.

The Trusted Execution Environment for Microcontroller-Class Processors group will continue to develop a specification that serves as extension of privilege specification, supporting trust execution environments on embedded RISC-V processors. The Cryptography Extensions group will build on their early proposals for ISA extensions for the standardized and secure execution of cryptography algorithms.

“It is an exciting time to witness the advent of a new compute platform that has formal methods at its foundation for processor correctness and security,” said Dr. Joseph Kiniry, Vice-Chair of the RISC-V Foundation Security Standing Committee and Principal Scientist at Galois. “RISC-V is a simple, free and open ISA that is an ideal vehicle for research in formally assured security and secure hardware development for everything from consumer devices to national security applications.”


IoT Innovator Newsletter

Get the latest updates and industry news in your inbox! Enter your email address and name below to be the first to know.