Security Standing Committee to Secure the Future of Computing

The RISC-V Foundation announced the formation of the Security Standing Committee to bring together industry to share findings, develop consensus around security practices and identify potential security improvements for RISC-V based Internet of Things (IoT) devices, embedded systems, and machine learning implementations. The Committee includes 25...

The RISC-V Foundation announced the formation of the Security Standing Committee to bring together industry to share findings, develop consensus around security practices and identify potential security improvements for RISC-V based Internet of Things (IoT) devices, embedded systems, and machine learning implementations.

The Committee includes 25 RISC-V Foundation members, including Berkeley Architecture Group, Bluespec, CSIRO’s Data61, Dover, Draper, Esperanto Technologies, Indian Institute of Technology (IIT) Madras, Intrinsic ID, Galois, Hex Five Security, Microsemi, Micron Technology, NXP, Rambus, SecureRF Corporation, SiFive and Western Digital.

RISC-V member organizations have introduced security solutions such as Dover Microsystems CoreGuard and SecureRF WalnutDSA.

The Security Standing Committee, chaired by Rambus, has contributed a draft specification for cryptographic extensions to the RISC-V ISA and a proposed approach to trusted execution environments for deeply embedded RISC-V devices.

In addition, the ongoing collaborative work in other technical working groups on specifications for the RISC-V architecture, vector extensions and instruction set compliance demonstrates industry interest and cooperation in security.

“As the number of connected devices grows exponentially and new security vulnerabilities like Meltdown and Spectre emerge, it’s become increasingly important to develop more robust security approaches. The RISC-V community has the historic opportunity to leverage a new platform for security innovation, leveraging the latest knowledge and contributions from leading industry and academic experts that comprise the expansive RISC-V ecosystem,” said Rick O’Connor, executive director of the non-profit RISC-V Foundation.

“The RISC-V Foundation’s Security Standing Committee is a declaration and call to action for industry leaders, universities and government organizations to join the Foundation and work with us to build a more secure world for the benefit of everyone.”

Participants of the Committee will develop consensus around security practices for IoT devices, embedded systems, and other areas of computing, and will collaborate with the RISC-V Foundation’s other committees and tasks groups to tackle specific areas to improve the security of the RISC-V ISA.

The Security Standing Committee will also work to promote RISC-V as a vehicle for innovation for the security community.

Unlike closed processor architectures the free and open RISC-V ISA enables anyone to inspect and analyze the architecture to assess the security of the ISA.

In addition to the security advantages of its open approach, RISC-V ISA provides a smaller attack surface which helps to minimize vulnerabilities.

“Security is one of the fundamental issues in our connected world. The RISC-V community is committed to pushing the industry forward through innovative approaches and new thinking to address existing and emerging threats,” said Dr. Helena Handschuh, Chair of the RISC-V Foundation Security Standing Committee and Fellow at Rambus.

“Through open standard collaboration, the Security Standing Committee is fostering the growth of the RISC-V ISA to ensure it meets and exceeds the dynamic security demands of this new era of innovation.”

To further the development of security measures for RISC-V, the Security Standing Committee has split the existing security task group into two separate task groups: Trusted Execution Environment for Microcontroller-Class Processors and Cryptography Extensions.

The Trusted Execution Environment for Microcontroller-Class Processors group will continue to develop a specification that serves as extension of specification, supporting trust execution environments on embedded RISC-V processors.

The Cryptography Extensions group will build on their early proposals for ISA extensions for the standardized and secure execution of cryptography algorithms.

“It is an exciting time to witness the advent of a new compute platform that has formal methods at its foundation for processor correctness and security,” said Dr. Joseph Kiniry, Vice-Chair of the RISC-V Foundation Security Standing Committee and Principal Scientist at Galois.

“RISC-V is a simple, free and open ISA that is an ideal vehicle for research in formally assured security and secure hardware development for everything from consumer devices to national security applications.”

Source: www.helpnetsecurity.com