
Leveraging speculative architectures for runtime program validation

Published: 05 September 2013

Abstract

Program execution can be tampered with by malicious attackers through exploiting software vulnerabilities. Changing the program behavior by compromising control data and decision data has become the most serious threat in computer system security. Although several hardware approaches have been presented to validate program execution, they either incur great hardware overhead or introduce false alarms. We propose a new hardware-based approach by leveraging the existing speculative architectures for runtime program validation. The on-chip branch target buffer (BTB) is utilized as a cache of the legitimate control flow transfers stored in a secure memory region. In addition, the BTB is extended to store the correct program path information. At each indirect branch site, the BTB is used to validate the decision history of previous conditional branches and monitor the following execution path at runtime. Implementation of this approach is transparent to the upper operating system and programs. Thus, it is applicable to legacy code. Because of good code locality of the executable programs and effectiveness of branch prediction, the frequency of control-flow validations against the secure off-chip memory is low. Our experimental results show a negligible performance penalty and small storage overhead.
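
A simplified software model of the check the abstract describes, added here as an illustration and not taken from the paper: a miss in the BTB falls back to the table of legitimate transfers in secure memory, and a hit needs no off-chip access. The BTB size, direct-mapped indexing, 4-bit decision history and the table contents are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define BTB_SETS  16     /* assumed: direct-mapped BTB with 16 entries */
#define HIST_MASK 0xFu   /* assumed: last 4 conditional-branch outcomes */

/* One legitimate indirect transfer: branch site, target, and the decision
   history of the conditional branches expected on arrival at the site. */
typedef struct { uint32_t pc, target; uint8_t hist; } transfer_t;

/* Constructed stand-in for the table kept in the secure memory region. */
static const transfer_t secure_table[] = {
    {0x1000, 0x2000, 0x5}, {0x1000, 0x2400, 0xA}, {0x1040, 0x3000, 0x3},
};

typedef struct { int valid; transfer_t t; } btb_entry_t;
static btb_entry_t btb[BTB_SETS];
static unsigned offchip_lookups, alarms;

/* Slow path: search the secure table (counts as one off-chip validation). */
static int secure_lookup(const transfer_t *q) {
    offchip_lookups++;
    for (size_t i = 0; i < sizeof secure_table / sizeof secure_table[0]; i++)
        if (secure_table[i].pc == q->pc && secure_table[i].target == q->target
            && secure_table[i].hist == q->hist)
            return 1;
    return 0;
}

/* Returns 1 if the indirect branch is allowed, 0 if an alarm is raised. */
int validate_indirect(uint32_t pc, uint32_t target, uint8_t hist) {
    transfer_t q = { pc, target, (uint8_t)(hist & HIST_MASK) };
    btb_entry_t *e = &btb[(pc >> 2) % BTB_SETS];
    if (e->valid && e->t.pc == q.pc && e->t.target == q.target
        && e->t.hist == q.hist)
        return 1;                                   /* BTB hit: validated before */
    if (!secure_lookup(&q)) { alarms++; return 0; } /* not a legitimate transfer */
    e->valid = 1; e->t = q;                         /* cache the validated transfer */
    return 1;
}

unsigned get_offchip_lookups(void) { return offchip_lookups; }
unsigned get_alarms(void) { return alarms; }

int main(void) {
    validate_indirect(0x1000, 0x2000, 0x5);  /* miss, validated off-chip */
    validate_indirect(0x1000, 0x2000, 0x5);  /* BTB hit, no off-chip access */
    validate_indirect(0x1000, 0x2000, 0xA);  /* legal target, wrong history */
    printf("off-chip lookups=%u alarms=%u\n", offchip_lookups, alarms);
    return 0;
}
```

Only validated transfers are ever written into the modelled BTB, so a rejected transfer cannot evict or replace a cached legitimate one.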

