2606004305
  • Open Access
  • Article

RV-Sec5: Enhancing Pre-Silicon Security Evaluation of RISC-V Processors through Targeted ISA-Level Instrumentation in the gem5 Simulation Framework

  • Muhammad Awais 1,*,   
  • Maria Mushtaq 1,   
  • Lirida Naviner 1,   
  • Jawad Haj Yahya 2,   
  • Florent Bruguier 3

Received: 27 Mar 2026 | Revised: 16 Jun 2026 | Accepted: 17 Jun 2026 | Published: 29 Jun 2026

Abstract

The open-source RISC-V Instruction Set Architecture (ISA) is being adopted rapidly in security-sensitive areas such as IoT, edge computing, and aerospace systems, which makes early-stage security validation increasingly important. Yet most existing approaches still depend either on post-silicon testing or on high-level emulation. Neither is well suited to exposing ISA-specific vulnerabilities or microarchitectural side effects during the design phase. As a result, there remains a gap between highlevel security policies and the way hardware actually behaves at runtime, and that gap can leave processors exposed to privilege escalation, memory protection failures, and side-channel leakage that may only become visible late in development. In this paper, we present RV-Sec5, a systematic and policy-driven framework for ISA-level security evaluation built on the gem5 cycle-accurate simulator. RV-Sec5 provides a formal method for translating high-level security invariants, including privilege isolation, Physical Memory Protection (PMP) enforcement, and Control and Status Register (CSR) integrity, into automated cycle-accurate instrumentation points embedded directly in the ISA decoder. By recording precise architectural execution context at instruction commit time, the framework supports specification-driven methodology of privilege escalation attempts and enables systematic correlation between ISA-level events and microarchitectural behavior, including TLB activity and cache state changes, without interfering with functional execution. Our results shows that RV-Sec5 can significantly detects the specification violation on the events that are permitted in User mode, the results shows that after extending the gem5 with the hooks added and ISA modified, it create an overhead on the simulation. The overall overhead of RV-Sec5 for the simulation time is less than 4% and the overhead for the memory usage is less than 2% across the evaluated workloads. RV-Sec5 is a modular, cycle-accurate observation and post-execution detection virtual platform that reduces the gap between architectural security requirements and their enforcement at the Microarchitectural level, using post-silicon testing within the RISC-V processor design flow.

References 

  • 1.

    Waterman, A.; Asanovic, K.; Hauser, J. The RISC-V Instruction Set Manual, Volume II: Privileged Architecture; RISC-V Found: San Francisco, CA, USA, 2019.

  • 2.

    Baptista, J.P.R. RISC-V Streaming Extension Support on the Spike Simulator. Master Thesis, Universidade do Porto, Porto, Portugal, 2023.

  • 3.

    Lowe-Power, J.; Ahmad, A.M.; Akram, A.; et al. The gem5 Simulator: Version 20.0+. arXiv 2020, arXiv:2007.03152.

  • 4.

    Awais, M.; Mushtaq, M.; Naviner, L.; et al. RV-Sec5: Enhancing RISC-V Security Evaluation via Targeted ISA-Level Instrumentation Using gem5. In Proceedings of the 2026 Australasian Information Security Conference, Melbourne, VIC, Australia, 11–12 February 2026; pp. 10–19.

  • 5.

    Lowe-Power, J.; Akella, V.; Farrens, M.K.; et al. Position Paper: A Case for Exposing Extra-Architectural State in the ISA. In Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy, Los Angeles, CA, USA, 2 June 2018; pp. 1–6.

  • 6.

    Cheang, K.; Rasmussen, C.; Lee, D.; et al. Verifying RISC-V Physical Memory Protection. arXiv 2022, arXiv:2211.02179.

  • 7.

    Bove, D.; Funk, J. Basic Secure Services for Standard RISC-V Architectures. Comput. Secur. 2023, 133, 103415.

  • 8.

    Cui, E.; Li, T.; Wei, Q. RISC-V Instruction Set Architecture Extensions: A Survey. IEEE Access 2023, 11, 24696–24711.

  • 9.

    Guo, X.; Mullins, R. Fast TLB Simulation for RISC-V Systems. arXiv 2019, arXiv:1905.06825.

  • 10.

    Kocher, P.; Horn, J.; Fogh, A.; et al. Spectre Attacks: Exploiting Speculative Execution. In Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 19–23 May 2019.

  • 11.

    Lipp, M.; Schwarz, M.; Gruss, D.; et al. Meltdown. arXiv 2018, arXiv:1801.01207.

  • 12.

    Gao, Y.; Qian, W.; Cui, E. RISC-V ISA Extension Toolchain Supports: A Survey. In Proceedings of the 2023 4th International Conference on Computing, Networks and Internet of Things, Xiamen, China, 26–28 May 2023; pp. 924–929.

  • 13.

    Bruns, N.; Herdt, V.; Große, D.; et al. Toward RISC-V CSR Compliance Testing. IEEE Embed. Syst. Lett. 2021, 13, 202–205. https://doi.org/10.1109/LES.2021.3077368.

  • 14.

    Bellard, F. QEMU, a Fast and Portable Dynamic Translator. In Proceedings of the USENIX Annual Technical Conference, FREENIX Track, Anaheim, CA, USA, 10–15 April 2005.

  • 15.

    RISC-V International. Formal Specification of the RISC-V ISA. Available online: https://github.com/riscv/sail-riscv (accessed on 8 June 2026).

  • 16.

    Speiser, F.; Szalay, I.; Fodor, D. Embedded System Simulation Using Renode. Eng. Proc. 2024, 79, 52.

  • 17.

    Kabylkas, N.; Thorn, T.; Srinath, S.; et al. Effective Processor Verification with Logic Fuzzer Enhanced Co-Simulation. In Proceedings of the MICRO-54: 54th Annual IEEE/ACM International Symposium on Microarchitecture, online, 18–22 October 2021; pp. 667–678.

  • 18.

    Tenstorrent Inc. Whisper: RISC-V Instruction Set Simulator. Available online: https://github.com/tenstorrent/whisper (accessed on 27 March 2026).

  • 19.

    Hin, P.Y.H.; Liao, X.; Cui, J.; et al. Supporting RISC-V Full System Simulation in gem5. In Proceedings of the 5th Workshop on Computer Architecture Research with RISC-V (CARRV 2021), online, 14 June 2021.

  • 20.

    Gerlach, L.; Weber, D.; Zhang, R.; et al. A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs. In Proceedings of the 2023 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 22–26 May 2023; pp. 2321–2338.

  • 21.

    Ahmadi, M.M.; Khalid, F.; Shafique, M. Side-Channel Attacks on RISC-V Processors: Current Progress, Challenges, and Opportunities. arXiv 2021, arXiv:2106.08877.

  • 22.

    Lowe-Power, J. gem5 Documentation. Available online: https://www.gem5.org/documentation/ (accessed on 29 June 2024).

Share this article:
How to Cite
Awais, M.; Mushtaq, M.; Naviner, L.; Yahya, J. H.; Bruguier, F. RV-Sec5: Enhancing Pre-Silicon Security Evaluation of RISC-V Processors through Targeted ISA-Level Instrumentation in the gem5 Simulation Framework . Pragmatic Cybersecurity 2026, 1 (1), 6. https://doi.org/10.53941/pc.2026.100006.
RIS
BibTex
Copyright & License
article copyright Image
Copyright (c) 2026 by the authors.