HECTOR-V: A Heterogeneous CPU Architecture for a Secure RISC-V Execution Environment

Pascal Nasahl, Robert Schilling, Mario Werner, Stefan Mangard

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review


To ensure secure and trustworthy execution of applications in potentially insecure environments, vendors frequently embed trusted execution environments (TEE) into their systems.
Applications executed in this safe, isolated space are protected from adversaries, including a malicious operating system.
TEEs are usually build by integrating protection mechanisms directly into the processor or by using dedicated external secure elements.
However, both of these approaches only cover a narrow threat model resulting in limited security guarantees.
Enclaves nested into the application processor typically provide weak isolation between the secure and non-secure domain, especially when considering side-channel attacks.
Although external secure elements do provide strong isolation, the slow communication interface to the application processor is exposed to adversaries and restricts the use cases.
Independently of the used approach, TEEs often lack the possibility to establish secure communication to peripherals, and most operating systems executed inside TEEs do not provide state-of-the-art defense strategies, making them vulnerable to various attacks.

We argue that TEEs, such as Intel SGX or ARM TrustZone, implemented on the main application processor, are insecure, especially when considering side-channel attacks.
In this paper, we demonstrate how a heterogeneous multicore architecture can be utilized to realize a secure TEE design.
We directly embed a secure processor into our HECTOR-V architecture to provide strong isolation between the secure and non-secure domain.
The tight coupling of the TEE and the application processor enables HECTOR-V to provide mechanisms for establishing secure communication channels between different devices.
We further introduce RISC-V Secure Co-Processor (RVSCP), a security-hardened processor tailored for TEEs.
To secure applications executed inside the TEE, RVSCP provides hardware enforced control-flow integrity and rigorously restricts I/O accesses to certain execution states.
RVSCP reduces the trusted computing base to a minimum by providing operating system services directly in hardware.
Original languageEnglish
Title of host publicationASIA CCS '21: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security
PublisherAssociation of Computing Machinery
ISBN (Electronic)978-1-4503-8287-8
Publication statusPublished - May 2021
Event2021 ACM Asia Conference on Computer and Communications Security - Virtuell, China
Duration: 7 Jun 202111 Jun 2021


Conference2021 ACM Asia Conference on Computer and Communications Security
Abbreviated titleACM ASIACCS 2021
Internet address

Cite this