System-Level Isolation for Mixed-Criticality RISC-V SoCs: A "World" Reality Check

📅 2026-02-04
🤖 AI Summary
This work addresses the security and real-time challenges arising from heterogeneous integration in mixed-criticality RISC-V system-on-chip (SoC) designs by proposing an enhanced system-level isolation scheme. The approach improves interoperability among hardware isolation mechanisms—namely RISC-V Worlds, IOPMP, and SmMTT—and introduces a configuration-agnostic World checker to guarantee fixed access latency and reduced worst-case execution time. Experimental results demonstrate that the proposed solution strengthens security isolation while reducing SoC area overhead by up to approximately 5%, without compromising power efficiency or performance. To foster the evolution of RISC-V security standards, all artifacts and implementations will be open-sourced.

📝 Abstract
As RISC-V adoption accelerates, domains such as automotive, the Internet of Things (IoT), and industrial control are attracting growing attention. These domains are subject to stringent Size, Weight, Power, and Cost (SWaP-C) constraints, which have driven a shift toward heterogeneous Systems-on-Chip (SoCs) integrating general-purpose CPUs, tightly coupled accelerators, and diverse I/O devices with different integrity levels. While such integration improves cost efficiency and performance, it introduces a fundamental safety and security challenge: enforcing system-level isolation in mixed-criticality environments. Although RISC-V International has proposed several hardware isolation primitives, including RISC-V Worlds, IOPMP, and SmMTT, their interoperability, scalability, and suitability for real-time systems remain insufficiently understood. In this paper, we present a comparative analysis of these primitives from the perspective of practical heterogeneous SoC designs. We implement an IOPMP, a World-based checker, and a modified RISC-V World checker that addresses key limitations of the baseline specification, and evaluate their trade-offs in terms of security guarantees and power-performance-area (PPA). Our results show that the World-based checker introduces a fixed, configuration-independent access latency, achieving lower worst-case delay than the evaluated alternatives while scaling predictably with system size. At the macro level, we estimate that the proposed modifications reduce SoC area by up to approximately 5% compared to a baseline design. All artifacts will be released as open source, and we expect these findings to directly contribute to the evolution and ratification of RISC-V specifications, as well as to the design of future RISC-V SoCs.

Problem

Research questions and friction points this paper is trying to address.

mixed-criticality
system-level isolation
RISC-V SoC
hardware isolation primitives
real-time systems

Innovation

Methods, ideas, or system contributions that make the work stand out.

RISC-V Worlds
Mixed-Criticality
System-Level Isolation
Hardware Security Primitives
PPA Optimization

Luís Cunha
Centro ALGORITMI/LASI, Universidade do Minho

José Martins
Universidade do Minho
embedded virtualization, computer security, computer architecture, reconfigurable computing, compiler design

Manuel Rodríguez
Centro ALGORITMI/LASI, Universidade do Minho

Tiago Gomes
Centro ALGORITMI

Sandro Pinto
Centro Algoritmi, University of Minho
Embedded Systems, Virtualization, Security, Real-Time Systems

Uwe Moslehner
Infineon AG

Kai Dieffenbach
Infineon AG

Glenn Farrall
Infineon AG

Kajetan Nuernberger
Infineon AG

Thomas Roecker
Infineon AG