Example - 1

Consider a system with a register for storing AES key for encryption or decryption. The key is 128 bits, implemented as a set of four 32-bit registers. The key registers are assets and registers, AES_KEY_READ_POLICY and AES_KEY_WRITE_POLICY, and are defined to provide necessary access controls.The read-policy register defines which agents can read the AES-key registers, and write-policy register defines which agents can program or write to those registers. Each register is a 32-bit register, and it can support access control for a maximum of 32 agents. The number of the bit when set (i.e., "1") allows respective action from an agent whose identity matches the number of the bit and, if "0" (i.e., Clear), disallows the respective action to that corresponding agent.

<xhtml_table><xhtml_tr><xhtml_th>Register</xhtml_th><xhtml_th>Field description</xhtml_th></xhtml_tr><xhtml_tr><xhtml_td>AES_ENC_DEC_KEY_0</xhtml_td><xhtml_td>
AES key [0:31] for encryption or decryptionDefault 0x00000000</xhtml_td></xhtml_tr><xhtml_tr><xhtml_td>AES_ENC_DEC_KEY_1</xhtml_td><xhtml_td>
AES key [32:63] for encryption or decryptionDefault 0x00000000</xhtml_td></xhtml_tr><xhtml_tr><xhtml_td>AES_ENC_DEC_KEY_2</xhtml_td><xhtml_td>
AES key [64:95] for encryption or decryptionDefault 0x00000000</xhtml_td></xhtml_tr><xhtml_tr><xhtml_td>AES_ENC_DEC_KEY_4</xhtml_td><xhtml_td>
AES key [96:127] for encryption or decryptionDefault 0x00000000</xhtml_td></xhtml_tr><xhtml_tr><xhtml_td>AES_KEY_READ_WRITE_POLICY</xhtml_td><xhtml_td>[31:0] Default 0x00000006 - meaning agent with identities "1" and "2" can both read from and write to key registers</xhtml_td></xhtml_tr></xhtml_table>

In the above example, there is only one policy register that controls access to both read and write accesses to the AES-key registers, and thus the design is not granular enough to separate read and writes access for different agents. Here, agent with identities "1" and "2" can both read and write.

A good design should be granular enough to provide separate access controls to separate actions. Access control for reads should be separate from writes. Below is an example of such implementation where two policy registers are defined for each of these actions. The policy is defined such that: the AES-key registers can only be read or used by a crypto agent with identity "1" when bit #1 is set. The AES-key registers can only be programmed by a trusted firmware with identity "2" when bit #2 is set.

<xhtml_table><xhtml_tr><xhtml_td>AES_KEY_READ_POLICY</xhtml_td><xhtml_td>[31:0] Default 0x00000002 - meaning only Crypto engine with identity "1" can read registers: AES_ENC_DEC_KEY_0, AES_ENC_DEC_KEY_1, AES_ENC_DEC_KEY_2, AES_ENC_DEC_KEY_3</xhtml_td></xhtml_tr><xhtml_tr><xhtml_td>AES_KEY_WRITE_POLICY</xhtml_td><xhtml_td>[31:0] Default 0x00000004 - meaning only trusted firmware with identity "2" can program registers: AES_ENC_DEC_KEY_0, AES_ENC_DEC_KEY_1, AES_ENC_DEC_KEY_2, AES_ENC_DEC_KEY_3</xhtml_td></xhtml_tr></xhtml_table>

Example - 2

Within the AXI node interface wrapper module in the RISC-V AXI module of the HACK@DAC'19 CVA6 SoC [REF-1346], an access control mechanism is employed to regulate the access of different privileged users to peripherals.

The AXI ensures that only users with appropriate privileges can access specific peripherals. For instance, a ROM module is accessible exclusively with Machine privilege, and AXI enforces that users attempting to read data from the ROM must possess machine privilege; otherwise, access to the ROM is denied. The access control information and configurations are stored in a ROM.

<xhtml_b>assign connectivity_map_o[i][j] = access_ctrl_i[i][j][priv_lvl_i] || ((j==6) && access_ctrl_i[i][7][priv_lvl_i]);</xhtml_b>for (j=0; j<NB_MANAGER; j++)beginendfor (i=0; i<NB_SUBORDINATE; i++)beginend......

However, in the example code above, while assigning distinct privileges to AXI manager and subordinates, both the Platform-Level Interrupt Controller Specification (PLIC) and the Core-local Interrupt Controller (CLINT) (which are peripheral numbers 6 and 7 respectively) utilize the same access control configuration. This common configuration diminishes the granularity of the AXI access control mechanism.

In certain situations, it might be necessary to grant higher privileges for accessing the PLIC than those required for accessing the CLINT. Unfortunately, this differentiation is overlooked, allowing an attacker to access the PLIC with lower privileges than intended.

As a consequence, unprivileged code can read and write to the PLIC even when it was not intended to do so. In the worst-case scenario, the attacker could manipulate interrupt priorities, potentially modifying the system's behavior or availability.

To address the aforementioned vulnerability, developers must enhance the AXI access control granularity by implementing distinct access control entries for the Platform-Level Interrupt Controller (PLIC) and the Core-local Interrupt Controller (CLINT). By doing so, different privilege levels can be defined for accessing PLIC and CLINT, effectively thwarting the potential attacks previously highlighted. This approach ensures a more robust and secure system, safeguarding against unauthorized access and manipulation of interrupt priorities. [REF-1347]

<xhtml_b>assign connectivity_map_o[i][j] = access_ctrl_i[i][j][priv_lvl_i];</xhtml_b>for (j=0; j<NB_MANAGER; j++)beginendfor (i=0; i<NB_SUBORDINATE; i++)beginend......

Example - 3

Consider the following SoCdesign. The sram in HRoT has an address range that is readable and writable by unprivilegedsoftware and it has an area that is only readable by unprivileged software. The tbusinterconnect enforces access control for subordinates on the bus but uses only one bit to controlboth read and write access. Address 0xA0000000 - 0xA000FFFF is readable and writableby the untrusted cores core{0-N} and address 0xA0010000 - 0xA001FFFF is onlyreadable by the untrusted cores core{0-N}.

The security policy access control is not granular enough, as it uses one bit to enable bothread and write access. This gives write access to an area that should only be readableby unprivileged agents.Access control logic should differentiate between read and write access and to havesufficient address granularity.