Presented at DEF CON 33 (2025), Aug. 9, 2025, 11 a.m. (45 minutes).
Security research has been focused on securing well-known, widely replicated ecosystems where problems and solutions are shared across the industry. But what happens when you build something no one else has? How do you secure an architecture that's both proprietary and deployed at billion-core scale?
In 2016, NVIDIA began transitioning its internal Falcon microprocessor, used in nearly all GPU products, to a RISC-V based architecture. Today, each chipset has 10-40 cores, and in 2024, NVIDIA surpassed 1 billion RISC-V cores shipped. This success came with unique security challenges, ones that existing models couldn't solve.
To address them, we created a custom SW and HW security architecture from scratch, including a purpose-built Separation Kernel SW, novel RISC-V ISA extensions like Pointer Masking, IOPMP (later ratified), and a unique secure boot and attestation solution. But how do you future-proof a proprietary ecosystem against tomorrow's threats?
In this talk, we'll share what we learned, and what's next. From HW-assisted memory safety (HWASAN, MTE) to control-flow integrity (CFI) and CHERI-like models, we'll explore how NVIDIA is preparing not only its RISC-V ecosystem for the evolving threat landscape. If you care about real-world security at an unprecedented scale, this is a journey you won't want to miss.
References:
- [RISC-V Pointer Masking extension](https://github.com/riscv/riscv-j-extension/blob/master/zjpm-spec.pdf)
- [RISC-V CFI Extension](https://github.com/riscv/riscv-cfi/tree/main/src)
- [RISC-V CHERI](https://github.com/riscv/riscv-cheri)
- [RISC-V HFI](https://shravanrn.com/riscv-hfi.pdf)
- [RISC-V Privileged spec](https://github.com/riscv/riscv-isa-manual/releases/download/Priv-v1.12/riscv-privileged-20211203.pdf)
- [Systematically Securing the RISCV - Secure Foundation for Embedded Functionality - Marko Mitic, NVIDIA](https://riscvsummit2021.sched.com/event/nfFG/systematically-securing-the-riscv-secure-foundation-for-embedded-functionality-marko-mitic-nvidia)
Presenters:
- Adam Zabrocki / pi3 as Adam "pi3" Zabrocki
Adam ‘pi3’ Zabrocki is a Director of Offensive Security at NVIDIA and specializes in low-level security research. He created the Linux Kernel Runtime Guard (LKRG) project defended by Openwall and has worked at Microsoft, European Organization for Nuclear Research (CERN), HISPASEC Sistemas (virustotal.com), Wroclaw Center for Networking and Supercomputing, Cigital and more.
Adam has contributed to numerous projects, found vulnerabilities in various systems (including Hyper-V, KVM, RISC-V ISA, Intel's Reference Code, Intel/NVIDIA vGPU, Linux kernel, FreeBSD, OpenSSH, gcc SSP/ProPolice, Apache), and published research in Phrack Magazine.
He serves as Vice-Chair of the RISC-V J-extension group and has developed key security extensions for RISC-V (Pointer Masking/HWASAN, Control Flow Integrity), and is currently working on Memory Tagging. Coauthor of a Windows Internals and twice nominated for The Pwnie Awards, he has spoken at major security conferences like Black Hat and DEF CON, Security BSides, more
- Marko Mitic
Marko is a Software Security Architect and System Software Manager focused on secure system design and product security, currently managing NVIDIA’s Core RISC-V team. For the past 10 years at NVIDIA he has worked on designing key security aspects of the core system software architecture and has driven offensive security practices for GPU system software. He was Security and Risk Officer and PSIRT lead, responsible for driving and tracking PSIRT issues and developing remediation plans. In recent years, his focus has been RISC-V, where he has been driving NVIDIA’s RISCV security architecture and implementation, bringing NVRISCV TEE to fruition in shipping NVIDIA products. Motivated by incident response experience, he now passionately leads the adoption of Ada/SPARK, a formally verifiable programming language, as a powerful tool for reducing security risks in NVIDIA’s most critical software components.