research-article
Open Access

Architectural Support for Software-Defined Metadata Processing

Published: 14 March 2015

Abstract

Optimized hardware for propagating and checking software-programmable metadata tags can achieve low runtime overhead. We generalize prior work on hardware tagging by considering a generic architecture that supports software-defined policies over metadata of arbitrary size and complexity; we introduce several novel microarchitectural optimizations that keep the overhead of this rich processing low. Our model thus achieves the efficiency of previous hardware-based approaches with the flexibility of the software-based ones. We demonstrate this by using it to enforce four diverse safety and security policies---spatial and temporal memory safety, taint tracking, control-flow integrity, and code and data separation---plus a composite policy that enforces all of them simultaneously. Experiments on SPEC CPU2006 benchmarks with a PUMP-enhanced RISC processor show modest impact on runtime (typically under 10%) and power ceiling (less than 10%), in return for some increase in energy usage (typically under 60%) and area for on-chip memory structures (110%).
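The propagate-and-check model the abstract describes, as an added example (not code from the paper): a Python model of a hardware rule cache backed by a software miss handler, with a taint-tracking policy and a code/data-separation policy composed into one policy over tuple tags. The rule format (opgroup plus PC, CI, OP1, OP2 and MR tags in; new PC tag and result tag R out), the opgroup names and the taint sources are assumptions, not details given in the abstract.

```python
from typing import Callable, Dict, FrozenSet, Tuple

# Constructed model of a PUMP-style rule cache with software-defined policies (added
# example, not the paper's code). The rule format is assumed, not given in the abstract:
# inputs are the opgroup and the tags on the PC, current instruction (CI), operands
# (OP1, OP2) and referenced memory word (MR); outputs are the new PC tag and result tag R.
Tag = Tuple[FrozenSet[str], str]         # composite tag: (taint sources, "CODE"/"DATA")
RuleIn = Tuple[str, Tag, Tag, Tag, Tag, Tag]
RuleOut = Tuple[Tag, Tag]

class PolicyViolation(Exception):
    """Raised by the miss handler; no rule is installed for the offending inputs."""

def taint_policy(op, pc, ci, op1, op2, mr):
    """Taint tracking over taint sets: a result inherits every source of its inputs."""
    if op == "load":                      # OP1 = address, MR = loaded word
        return pc, op1 | mr
    if op == "store":                     # OP1 = value, OP2 = address; R tags the word
        return pc, op1 | op2
    if op == "jump" and op1:              # OP1 = target: a tainted target is rejected
        raise PolicyViolation("taint: indirect jump through tainted pointer")
    return pc, op1 | op2                  # ALU and everything else

def code_data_policy(op, pc, ci, op1, op2, mr):
    """Code/data separation: only CODE words execute, CODE words are never overwritten."""
    if ci != "CODE":
        raise PolicyViolation("NXD: instruction fetched from non-code memory")
    if op == "store" and mr == "CODE":
        raise PolicyViolation("NWC: store targets a code word")
    return pc, "DATA"                     # results and stored words are plain data

def compose(*policies: Callable) -> Callable:
    """Composite policy over tuple tags: every component policy must accept the operation."""
    def composite(op, pc, ci, op1, op2, mr):
        outs = [p(op, pc[i], ci[i], op1[i], op2[i], mr[i]) for i, p in enumerate(policies)]
        return tuple(o[0] for o in outs), tuple(o[1] for o in outs)
    return composite

class RuleCache:
    """Hardware rule cache: a hit resolves tags without running the miss handler."""
    def __init__(self, miss_handler: Callable):
        self.miss_handler = miss_handler
        self.rules: Dict[RuleIn, RuleOut] = {}
        self.hits = self.misses = 0

    def resolve(self, key: RuleIn) -> RuleOut:
        if key in self.rules:
            self.hits += 1
            return self.rules[key]
        self.misses += 1
        out = self.miss_handler(*key)     # PolicyViolation propagates; nothing is cached
        self.rules[key] = out
        return out

def tag(*sources: str, kind: str = "DATA") -> Tag:
    """Composite tag from constructed taint sources and a CODE/DATA kind."""
    return frozenset(sources), kind

def check(cache: RuleCache, *key):
    """Resolve one instruction: the output tags, or the violation message as a string."""
    try:
        return cache.resolve(key)
    except PolicyViolation as e:
        return str(e)
```

A second instruction with the same six tag inputs is served from the cache, which is why the runtime cost the abstract reports depends on the number of distinct tag combinations rather than on the number of instructions.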



Published in

ACM SIGPLAN Notices, Volume 50, Issue 4 (ASPLOS '15), April 2015, 676 pages
ISSN: 0362-1340, EISSN: 1558-1160, DOI: 10.1145/2775054
Editor: Andy Gill

ASPLOS '15: Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems, March 2015, 720 pages
ISBN: 9781450328357, DOI: 10.1145/2694344

Copyright © 2015 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Publication History: Published 14 March 2015

Qualifiers: research-article
