Full Program
Summary:
Speculative execution attacks like Spectre exploit microarchitectural side effects to leak sensitive data during transient execution. While several countermeasures have been proposed for x86 and ARM, their impact on RISC-V remains underexplored. This paper presents the first comprehensive evaluation of Spectre-v1 countermeasures on RISC-V using the gem5 full-system simulator. We implement and assess four mitigations: index masking (CM1), randomized offset (CM2), fence-based serialization (CM3), and bitwise selection (CM4). Without mitigations, Spectre-v1 enables 100% secret key recovery. In contrast, the countermeasures reduce recovery to below 1%, with branch mispredictions dropping by 41.7%–46.3%. We analyze the security-performance trade-offs, quantifying reductions in squashed instructions, DRAM latency variability, and return address stack mispredictions. Our work demonstrates the effectiveness and microarchitectural impact of each approach and provides a practical framework for evaluating transient execution defenses, advancing secure-by-design RISC-V processors.
Author(s):
Mahreen Khan
Telecom Paris
France
Maria Mushtaq
Telecom Paris
France
Renaud Pacalet
Telecom Paris
France
Ludovic Apvrille
Telecom Paris
France
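The abstract names the four countermeasure classes but, being an abstract, does not show what they look like in code. The following is an added example written for this listing, not code from the paper or its gem5 framework. It shows the classic Spectre-v1 bounds-check gadget next to source-level forms of three of the four classes: index masking (CM1), fence-based serialization (CM3) and bitwise selection (CM4). CM2 (randomized offset) is left out because the abstract does not say where the offset is injected. The cache-line size, the barrier instruction per architecture (`fence` on RISC-V, `lfence` on x86-64), the power-of-two array size and the helper names are all assumptions of this example. Each gadget returns the `array1` index it actually loads from, or `SIZE_MAX` when no load is issued architecturally, so the architectural behaviour can be checked; whether the transient behaviour is really suppressed is exactly what needs a microarchitectural harness such as gem5, and a compiler may also turn branchless code back into a branch, so the generated assembly must be inspected.

```c
/* Added example, not from the paper: a Spectre-v1 gadget and source-level
 * forms of three of the four countermeasure classes named in the abstract.
 * Cache-line size, barrier instruction and helper names are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY1_SIZE 16u           /* assumed power of two: mask is SIZE-1 */
#define LINE_BYTES  64u           /* assumed cache-line size in bytes */

static uint8_t array1[ARRAY1_SIZE] = {
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };
static uint8_t array2[256 * LINE_BYTES];  /* probe array: one line per byte value */
static volatile uint8_t sink;             /* keeps the probe load alive */

/* Speculation barrier for CM3. The paper fences on RISC-V; the exact
 * instruction used here is an assumption (full barrier elsewhere). */
static inline void spec_barrier(void) {
#if defined(__riscv)
    __asm__ __volatile__("fence" ::: "memory");
#elif defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#else
    __sync_synchronize();
#endif
}

/* The dependent access whose cache footprint a Spectre-v1 attacker measures. */
static void probe(size_t eff) {
    sink = array2[(size_t)array1[eff] * LINE_BYTES];
}

/* CM0: unmitigated. The bounds check is a branch; while it resolves, the core
 * may predict "in bounds" and run both loads with an out-of-bounds idx. */
size_t victim_unmitigated(size_t idx) {
    if (idx < ARRAY1_SIZE) {
        probe(idx);
        return idx;
    }
    return SIZE_MAX;
}

/* CM1: index masking. The AND is a data dependency, not a control dependency,
 * so even a mispredicted path can only reach array1[0..ARRAY1_SIZE-1]. */
size_t mask_index(size_t idx) {
    return idx & (ARRAY1_SIZE - 1);
}
size_t victim_index_masking(size_t idx) {
    size_t eff = mask_index(idx);
    if (idx < ARRAY1_SIZE) {
        probe(eff);              /* masked even if the branch was mispredicted */
        return eff;
    }
    return SIZE_MAX;
}

/* CM3: fence-based serialization. The loads cannot issue before the branch
 * resolves, at the cost of draining the pipeline on every call. */
size_t victim_fenced(size_t idx) {
    if (idx < ARRAY1_SIZE) {
        spec_barrier();
        probe(idx);
        return idx;
    }
    return SIZE_MAX;
}

/* Branchless "idx < size" mask: all ones when in bounds, zero otherwise.
 * Valid while both values are below 2^(bits-1). */
size_t in_bounds_mask(size_t idx, size_t size) {
    return (size_t)0 - ((idx - size) >> (sizeof(size_t) * 8 - 1));
}

/* CM4: bitwise selection. The load always executes, but the index is chosen
 * arithmetically (idx if in bounds, a safe index otherwise), so there is no
 * branch to mispredict. Verify the compiler kept it branchless. */
size_t select_index(size_t idx, size_t safe) {
    size_t m = in_bounds_mask(idx, ARRAY1_SIZE);
    return (idx & m) | (safe & ~m);
}
size_t victim_bitwise_select(size_t idx) {
    size_t eff = select_index(idx, 0);
    probe(eff);
    return eff;
}

int main(void) {
    size_t inputs[2] = { 3u, ARRAY1_SIZE + 5u };   /* in bounds, out of bounds */
    for (int i = 0; i < 2; i++) {
        size_t idx = inputs[i];
        printf("idx=%zu unmitigated=%zu masked=%zu fenced=%zu select=%zu\n",
               idx, victim_unmitigated(idx), victim_index_masking(idx),
               victim_fenced(idx), victim_bitwise_select(idx));
    }
    return 0;
}
```

`mask_index` and `select_index` are the pieces a practitioner should check: for an out-of-bounds index they yield an in-bounds one with no branch involved, which is what keeps the transient load away from the secret. Measuring the performance side of the trade-off (squashed instructions, misprediction counts, fence cost) is what the paper's gem5 setup is for; the C above can only show the architectural contract.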