.png?width=150&height=64&name=Cycuity_an%20Arteris%20brand_%20logo%20lockup%20final%20(3).png "Cycuity_an Arteris brand_ logo lockup final (3)")
.png)
Enabling Comprehensive CWE-based Assurance
for RISC-V Processors
Presented at GOMACTech 2026
Abstract
This paper presents a scalable, Common Weakness Enumeration (CWE)–based security assurance methodology for third-party RISC-V processor IP, developed collaboratively by Cycuity, BAE Systems, and SiFive. The approach adapts the MITRE Corporation CWE framework to systematically derive security requirements, verification properties, and evidence for RISC-V cores treated as third-party IP. By introducing reusable assurance templates, portable security tests, and a “golden model” reference, the methodology reduces non-recurring engineering effort while enabling consistent, repeatable verification across implementations. Demonstrated on all 60 CWEs in scope for SiFive’s X280 processor, results show improved scalability, portability, and efficiency in achieving comprehensive hardware security assurance for the broader RISC-V ecosystem.
Sign up below to access the GOMAC Conference paper "Enabling Comprehensive CWE-based Assurance for RISC-V Processors."