RIMI: instruction-level memory isolation for embedded systems on RISC-V

ABSTRACTWith the advent of the Internet of Things, embedded systems have become widely used in various fields. Concurrently, the security of these systems has become a concern for many. However, security features that are already available for high-end systems have not been provided in low-end embedded systems due to its negative impact on cost and power consumption. Thus, to increase security with low overhead, many studies to implement the memory isolation approach to these systems have been conducted. However, existing techniques for this approach have suffered from problems in terms of scalability or performance. To mitigate such problems, we present RIMI, a new instruction extension to provide memory isolation in embedded systems. Thanks to instructions in RIMI, we can implement an instruction-level memory isolation where the access permission is bound to each memory and control transfer instructions. We implemented the RIMI prototype on a RISC-V architecture, which is a prominent open-source instruction set architecture (ISA). Our evaluation results show that existing security solutions, i.e., shadow stacks and in-process isolation, can be efficiently implemented with RIMI.