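@comment{Authors are stored as "Last, First" and joined with " and " so BibTeX parses three separate people; braces in the title keep the acronyms RISC-V and SoC from being lowercased by sentence-casing styles.}
@article{M01B99A5B,
  author   = {Hwang, Yewon and Suh, Taeweon and Koo, Gunjae},
  title    = {Cache Side-Channel Attacks Exploiting the {RISC-V} Coprocessor Interface on an {SoC} Platform},
  journal  = {Journal of KIISE, JOK},
  year     = {2025},
  issn     = {2383-630X},
  doi      = {10.5626/JOK.2025.52.2.95},
  keywords = {cache side-channel attack, RISC-V SoC, hardware Trojan, third-party IP security},
  abstract = {A modern System-on-Chip (SoC) incorporates multiple third-party intellectual properties (IPs) provided by external vendors. Such third-party IPs can be vulnerable to security attacks exploiting hardware Trojans. Namely, attackers may include malicious hardware logic that can perform unauthorized operations within a third-party coprocessor. In this paper, we present a cache side-channel attack scenario that exploits the coprocessor interface, called RoCC, in a RISC-V open-source SoC platform. We demonstrate that attackers can effectively execute a Flush+Reload type cache side-channel attack by activating a malicious memory access logic in a custom IP exploiting RoCC instructions. Our evaluation exhibits the proposed attack can perform flush operations 9.4 times faster than traditional cache side-channel attack methods. This paper highlights the need for defense mechanisms against hardware security attacks in SoC design utilizing open-source processors.},
}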