{"id":"https://openalex.org/W7148456538","doi":"https://doi.org/10.1109/access.2026.3679984","title":"Toward Secure RISC-V Microarchitecture: Vulnerability Classes and Defenses","display_name":"Toward Secure RISC-V Microarchitecture: Vulnerability Classes and Defenses","publication_year":2026,"publication_date":"2026-01-01","ids":{"openalex":"https://openalex.org/W7148456538","doi":"https://doi.org/10.1109/access.2026.3679984"},"language":"en","primary_location":{"id":"doi:10.1109/access.2026.3679984","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2026.3679984","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2026.3679984","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5121681761","display_name":"Mahreen Khan","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Mahreen Khan","raw_affiliation_strings":["T&#x00E9;l&#x00E9;com Paris, Institut Polytechnique de Paris, Palaiseau, France"],"raw_orcid":"https://orcid.org/0009-0004-6276-1961","affiliations":[{"raw_affiliation_string":"T&#x00E9;l&#x00E9;com Paris, Institut Polytechnique de Paris, Palaiseau, France","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048830959","display_name":"Maria Mushtaq","orcid":"https://orcid.org/0000-0003-0046-2582"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Maria Mushtaq","raw_affiliation_strings":["T&#x00E9;l&#x00E9;com Paris, Institut Polytechnique de Paris, Palaiseau, France"],"raw_orcid":"https://orcid.org/0000-0003-0046-2582","affiliations":[{"raw_affiliation_string":"T&#x00E9;l&#x00E9;com Paris, Institut Polytechnique de Paris, Palaiseau, France","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5132806320","display_name":"Renaud Pacalet","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Renaud Pacalet","raw_affiliation_strings":["T&#x00E9;l&#x00E9;com Paris, Institut Polytechnique de Paris, Palaiseau, France"],"raw_orcid":"https://orcid.org/0000-0002-6676-1123","affiliations":[{"raw_affiliation_string":"T&#x00E9;l&#x00E9;com Paris, Institut Polytechnique de Paris, Palaiseau, France","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5132829339","display_name":"Ludovic Apvrille","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ludovic Apvrille","raw_affiliation_strings":["T&#x00E9;l&#x00E9;com Paris, Institut Polytechnique de Paris, Palaiseau, France"],"raw_orcid":"https://orcid.org/0000-0002-1167-4639","affiliations":[{"raw_affiliation_string":"T&#x00E9;l&#x00E9;com Paris, Institut Polytechnique de Paris, Palaiseau, France","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5121681761"],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.67739872,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"14","issue":null,"first_page":"51504","last_page":"51519"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.6596999764442444,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.6596999764442444,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.11739999800920486,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.09440000355243683,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6089000105857849},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.3935000002384186},{"id":"https://openalex.org/keywords/electronic-mail","display_name":"Electronic mail","score":0.27730000019073486},{"id":"https://openalex.org/keywords/class","display_name":"Class (philosophy)","score":0.2500999867916107},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.24070000648498535}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6089000105857849},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5817000269889832},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5728999972343445},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.3935000002384186},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.33320000767707825},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.288100004196167},{"id":"https://openalex.org/C3020028006","wikidata":"https://www.wikidata.org/wiki/Q9158","display_name":"Electronic mail","level":2,"score":0.27730000019073486},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.2500999867916107},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.24070000648498535},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.22990000247955322}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2026.3679984","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2026.3679984","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:0ae63eec91634e889562caa1c4a699dd","is_oa":false,"landing_page_url":"https://doaj.org/article/0ae63eec91634e889562caa1c4a699dd","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 14, Pp 51504-51519 (2026)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2026.3679984","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2026.3679984","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G7353613127","display_name":null,"funder_award_id":"BPI X7PQC","funder_id":"https://openalex.org/F4320316512","funder_display_name":"Bpifrance"}],"funders":[{"id":"https://openalex.org/F4320316512","display_name":"Bpifrance","ror":"https://ror.org/008zkt807"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"RRISC-V":[0],"is":[1],"an":[2],"open":[3],"instruction":[4],"set":[5],"architecture":[6],"that":[7,33,120],"enables":[8],"a":[9,53],"wide":[10],"range":[11],"of":[12,56,75,139,156],"processor":[13],"implementations":[14,110],"across":[15],"academia":[16],"and":[17,23,38,72,80,87,91,104,111,114,137,145,161,168,174,184,192],"industry.":[18],"While":[19],"its":[20],"architectural":[21],"simplicity":[22],"extensibility":[24],"support":[25,179],"rapid":[26],"innovation,":[27],"RISC-V":[28,60,109,180],"processors":[29],"exhibit":[30],"microarchitectural":[31,57,118,190],"behaviors":[32],"give":[34],"rise":[35],"to":[36,42,129,178],"side-channel":[37],"transient-execution":[39],"vulnerabilities":[40,58,103],"similar":[41],"those":[43],"observed":[44],"in":[45,59,154,187],"other":[46],"high-performance":[47],"CPU":[48],"architectures.":[49],"This":[50],"paper":[51],"presents":[52],"structured":[54],"taxonomy":[55,173],"processors,":[61],"organized":[62],"into":[63],"five":[64],"classes":[65],"based":[66],"on":[67,107],"the":[68,116],"affected":[69],"hardware":[70],"components":[71],"dominant":[73],"sources":[74],"leakage:":[76],"cache-based":[77],"channels,":[78],"speculative":[79],"transient":[81],"execution,":[82],"branch":[83],"prediction":[84],"structures,":[85],"memory":[86],"address":[88],"translation":[89],"subsystems,":[90],"observation":[92],"through":[93],"performance":[94,159],"monitoring":[95],"mechanisms.":[96],"For":[97],"each":[98,130],"class,":[99,132],"we":[100],"examine":[101],"representative":[102],"documented":[105],"attacks":[106],"existing":[108],"research":[112],"prototypes,":[113],"analyze":[115],"underlying":[117],"mechanisms":[119,140],"enable":[121],"information":[122],"leakage.":[123],"We":[124],"further":[125],"study":[126],"countermeasures":[127],"applicable":[128],"vulnerability":[131],"covering":[133],"both":[134,165],"RISC-V-specific":[135],"proposals":[136],"adaptations":[138],"previously":[141],"developed":[142],"for":[143],"x86":[144],"ARM":[146],"platforms.":[147],"The":[148,171],"surveyed":[149],"defenses":[150],"are":[151],"systematically":[152],"analyzed":[153],"terms":[155],"security":[157],"coverage,":[158],"overhead,":[160],"implementation":[162],"complexity,":[163],"highlighting":[164],"their":[166],"strengths":[167],"practical":[169],"limitations.":[170],"resulting":[172],"comparative":[175],"analysis":[176],"aim":[177],"architects,":[181],"system":[182,196],"designers,":[183],"software":[185],"developers":[186],"reasoning":[188],"about":[189],"risks":[191],"mitigation":[193],"trade-offs":[194],"during":[195],"design.":[197]},"counts_by_year":[],"updated_date":"2026-05-06T08:25:59.206177","created_date":"2026-04-03T00:00:00"}