Leveraging speculative architectures for runtime program validation

Abstract
Program execution can be tampered with by attackers who exploit software vulnerabilities. Changing program behavior by compromising control data and decision data has become one of the most serious threats in computer system security. Although several hardware approaches have been proposed to validate program execution, they either incur large hardware overhead or introduce false alarms. We propose a new hardware-based approach that leverages existing speculative architectures for runtime program validation. The on-chip branch target buffer (BTB) is used as a cache of the legitimate control-flow transfers stored in a secure memory region, and it is extended to store correct program-path information. At each indirect branch site, the BTB is used to validate the decision history of the preceding conditional branches and to monitor the execution path that follows at runtime. The approach is transparent to the operating system and to application programs, and it is therefore applicable to legacy code. Because executable programs exhibit good code locality and branch prediction is effective, control-flow validations against the secure off-chip memory are infrequent. Our experimental results show a negligible performance penalty and a small storage overhead.
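As an added illustration (not code from the paper or its authors), the following Python model shows the mechanism the abstract describes: a table of legitimate indirect transfers held in "secure memory", a small LRU BTB that caches those entries on chip, and a check at every indirect branch that both the target and the decision history of the preceding conditional branches match a legitimate path. The 4-bit history width, the table layout, the LRU policy, the toy program (addresses 0x0ff0, 0x1000, 0x2010, 0x2040 and their targets) and the traces are all assumptions made for this example; the trace generator also counts off-chip lookups so the effect of BTB capacity on validation frequency is visible.

```python
"""Model of BTB-backed runtime control-flow validation.

Added illustration, not the paper's hardware or simulator. It models the
scheme the abstract describes: a table of legitimate indirect control
transfers kept in secure off-chip memory, a small on-chip BTB that caches
those entries, and a check at every indirect branch of both the target and
the decision history of the preceding conditional branches. The history
width, table layout, BTB policy and the traces are assumptions made here.
"""
from collections import OrderedDict
from dataclasses import dataclass

HISTORY_BITS = 4                      # assumed: outcomes of the last 4 conditional branches
HISTORY_MASK = (1 << HISTORY_BITS) - 1

# Secure off-chip table (assumed layout): indirect branch PC -> legitimate
# (decision_history, target) pairs. A real deployment derives this offline
# from the binary; the sets below encode the toy program used in the trace:
#   0x0ff0: loop test, taken while the loop continues
#   0x1000: call through a function pointer to handler 0x2000 or 0x3000,
#           legitimate only when the loop test (newest history bit) was taken
#   0x2010: data-dependent branch inside the handler, either outcome is fine
#   0x2040: handler's indirect jump back to 0x1004, legitimate only when the
#           loop test (second-newest history bit) was taken
SECURE_TABLE = {
    0x1000: frozenset((h, t) for h in range(1 << HISTORY_BITS) if h & 0b01
                      for t in (0x2000, 0x3000)),
    0x2040: frozenset((h, 0x1004) for h in range(1 << HISTORY_BITS) if h & 0b10),
}


@dataclass
class Violation:
    pc: int
    target: int
    history: int
    reason: str


class BtbValidator:
    """Checks a branch trace; off-chip lookups happen only on BTB misses."""

    def __init__(self, table, btb_entries=4):
        self.table = table
        self.btb = OrderedDict()          # LRU cache: pc -> allowed pairs
        self.capacity = btb_entries
        self.history = 0                  # newest conditional outcome in bit 0
        self.offchip_lookups = 0
        self.indirect_checked = 0
        self.violations = []

    def _lookup(self, pc):
        if pc in self.btb:                # BTB hit: validate on chip
            self.btb.move_to_end(pc)
            return self.btb[pc]
        self.offchip_lookups += 1         # BTB miss: fetch from secure memory
        allowed = self.table.get(pc, frozenset())
        if len(self.btb) >= self.capacity:
            self.btb.popitem(last=False)  # evict least recently used entry
        self.btb[pc] = allowed
        return allowed

    def step(self, event):
        """event is ('cond', pc, taken) or ('ind', pc, target); returns True if accepted."""
        kind, pc, arg = event
        if kind == 'cond':
            self.history = ((self.history << 1) | int(arg)) & HISTORY_MASK
            return True
        if kind != 'ind':
            raise ValueError(f"unknown event kind {kind!r}")
        self.indirect_checked += 1
        allowed = self._lookup(pc)
        if (self.history, arg) in allowed:
            return True
        if not allowed:
            reason = "unknown indirect branch site"
        elif arg not in {t for _, t in allowed}:
            reason = "target not in legitimate set"
        else:
            reason = "legitimate target reached with impossible decision history"
        self.violations.append(Violation(pc, arg, self.history, reason))
        return False


def legit_trace(n):
    """Constructed trace of n iterations of the toy loop described above."""
    trace = []
    for i in range(n):
        trace.append(('cond', 0x0ff0, True))                          # stay in loop
        trace.append(('ind', 0x1000, 0x2000 if i % 2 == 0 else 0x3000))
        trace.append(('cond', 0x2010, i % 3 == 0))                     # handler branch
        trace.append(('ind', 0x2040, 0x1004))                          # back to loop
    trace.append(('cond', 0x0ff0, False))                              # loop exit
    return trace


def run(trace, btb_entries=4):
    v = BtbValidator(SECURE_TABLE, btb_entries)
    for event in trace:
        v.step(event)
    return v


if __name__ == "__main__":
    good = run(legit_trace(50))
    print(f"legit: {good.indirect_checked} indirect branches, "
          f"{good.offchip_lookups} off-chip lookups, {len(good.violations)} violations")
    # Hijacked function pointer, then a legitimate handler entered after the loop exit.
    bad = run(legit_trace(3) + [('ind', 0x1000, 0x4141), ('ind', 0x1000, 0x2000)])
    for v in bad.violations:
        print(f"violation at {v.pc:#x} -> {v.target:#x} history={v.history:04b}: {v.reason}")
```

Two points the model makes concrete: with a BTB large enough to hold the program's hot indirect sites, 100 indirect branches cost only 2 secure-memory lookups, while a one-entry BTB forces a lookup on every one; and the history check catches a transfer to a legitimate target (0x2000) that no legitimate path could have produced, which a plain target-set check would accept.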