SecWalk: Protecting Page Table Walks Against Fault Attacks

Robert Schilling, Pascal Nasahl, Stefan Weiglhofer, Stefan Mangard

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review


The correct execution of a memory load and store is essential for the flawless execution of a program. However, as soon as devices are deployed in hostile environments, fault attacks can manipulate memory operations and subsequently alter the execution of a program. While memory accesses for simple processors with direct memory access can efficiently be protected against fault attacks, larger processors with virtual addressing lack this protection. However, the number of systems with larger application-class processors is growing, leaving many applications unprotected. It requires new countermeasures to efficiently protect memory accesses of processors with virtual memory against fault attacks. In this work, we present SecWalk, a design to efficiently protect all memory accesses of a program in the virtual and physical memory domain against fault attacks. We enhance residual-based pointer protection with a hardware-based secure page table walk inside the memory management unit. The page table walk securely translates a protected virtual address to a protected physical address by exploiting the redundancy properties of encoded addresses and a linking mechanism in the memory management unit. Furthermore, we extend the protection domain for virtual addresses to the TLB to also protect fast translations. To evaluate the overhead, we integrate SecWalk to an FPGA-based open-source RISC-V core, where SecWalk extends the area of the design by 10 %. The software evaluation on a set of microbenchmarks shows an average code overhad of 11.05 % and runtime overhead of 7.17 %. To show the applicability on real-life applications, we port the microkernel seL4 to SecWalk, which yields a code overhead of 13.1 % and a runtime overhead of 11.6 %. The evaluation shows the overhead is small considering that SecWalk automatically protects all memory accesses of arbitrary applications against faults.

Original languageEnglish
Title of host publicationProceedings of the 2021 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2021
Number of pages12
ISBN (Electronic)9781665413572
Publication statusPublished - 2021

Publication series

NameProceedings of the 2021 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2021


  • countermeasure
  • fault attacks
  • page Table walk
  • risc-v
  • virtual memory

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this