ACE: Confidential Computing for Embedded RISC-V Systems

TL;DR

ACE introduces a confidential computing technology for embedded RISC-V systems, enhancing security and safety in mission-critical applications by leveraging principles of formal verification and virtualization.

Contribution

It presents the first open-source confidential computing solution tailored for embedded RISC-V systems, with a methodology for secure system development and verification.

Findings

ACE is viable on existing RISC-V hardware supporting virtualization.

The methodology can be applied to develop other secure embedded systems.

Prototype evaluation shows promising security and performance results.

Abstract

Confidential computing plays an important role in isolating sensitive applications from the vast amount of untrusted code commonly found in the modern cloud. We argue that it can also be leveraged to build safer and more secure mission-critical embedded systems. In this paper, we introduce the Assured Confidential Execution (ACE), an open-source and royalty-free confidential computing technology targeted for embedded RISC-V systems. We present a set of principles and a methodology that we used to build \ACE and that might be applied for developing other embedded systems that require formal verification. An evaluation of our prototype on the first available RISC-V hardware supporting virtualization indicates that ACE is a viable candidate for our target systems.