TY  - JOUR
T1  - Cache Side-Channel Attacks Exploiting the RISC-V Coprocessor Interface on an SoC Platform
AU  - Hwang, Yewon
AU  - Suh, Taeweon
AU  - Koo, Gunjae
JO  - Journal of KIISE, JOK
PY  - 2025
DA  - 2025/1/14
DO  - 10.5626/JOK.2025.52.2.95
KW  - cache side-channel attack
KW  - RISC-V SoC
KW  - hardware Trojan
KW  - third-party IP security
AB  - A modern System-on-Chip (SoC) incorporates multiple third-party intellectual properties (IPs) provided by external vendors. Such third-party IPs can be vulnerable to security attacks exploiting hardware Trojans. Namely, attackers may include malicious hardware logic that can perform unauthorized operations within a third-party coprocessor. In this paper, we present a cache side-channel attack scenario that exploits the coprocessor interface, called RoCC, in a RISC-V open-source SoC platform. We demonstrate that attackers can effectively execute a Flush+Reload type cache side-channel attack by activating malicious memory access logic in a custom IP exploiting RoCC instructions. Our evaluation shows that the proposed attack can perform flush operations 9.4 times faster than traditional cache side-channel attack methods. This paper highlights the need for defense mechanisms against hardware security attacks in SoC design utilizing open-source processors.