Anomalous path detection with hardware support

Zhang, Tao; Zhuang, Xin; Pande, Santosh; Lee, Wenke

doi:10.1145/1086297.1086305

Cited by 55 publications

(36 citation statements)

References 19 publications

(24 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This, together with its sophisticated cache management algorithm, causes considerable memory overhead (3.02MByte vs 512Kbit hardware memory) and performance degradation (up to 170% vs 7.7%) comparing to our solution. Another similar work [25] also validates control flow transfer in hardware. But it mainly focuses on direct jumps and uses a sophisticated co-processor.…”

Section: Related Work and Comparisonssupporting

confidence: 53%

“…Also, during the software testing and development phase, the test cases being used should cover most, if not all, possible execution paths for each branch; therefore an IBP table can be generated as a side product. The second way to initialize the IBP table is to perform "training" as many model-based solutions have done [10][11] [25]. By running the application either in a particular time interval or until the unique IBPs converges in a secure environment, the processor can regard all seen IBPs as legitimate ones.…”

Section: Training Ibp Tablementioning

confidence: 99%

See 1 more Smart Citation

Architectural Support for Run-Time Validation of Control Flow Transfer

Shi¹,

Dempsey²,

Lee³

2006

2006 International Conference on Computer Design

View full text Add to dashboard Cite

Abstract-Current micro-architecture blindly uses the address in the program counter to fetch and execute instructions without validating its legitimacy. Whenever this blind-folded instruction sequencing is not properly addressed at a higher level by system, it becomes a vulnerability of control data attacks, today's dominant and most critical security threats. To remedy it, this paper proposes a micro-architectural mechanism to validate control flow transfer at run-time at machine instruction level. It is proposed to have a hardware table consisting of legitimate indirect branches and their target pairs (IBPs) to aid the validation. The IBP table is implemented in the form of a cascading Bloom filter to store the security information as well as to enable fast validating. Based on a key observation that branch prediction unit existing in most speculative-execution processors already provides a portion of the control flow validation, our scheme activates the validation only on indirect branch mis-predictions. Because of the Bloom filter and the rarity of mis-predictions of indirect branches, the validation incurs moderate storage overhead and little performance penalty.

show abstract

Section: Related Work and Comparisonssupporting

confidence: 53%

Section: Training Ibp Tablementioning

confidence: 99%

Architectural Support for Run-Time Validation of Control Flow Transfer

Shi¹,

Dempsey²,

Lee³

2006

2006 International Conference on Computer Design

View full text Add to dashboard Cite

show abstract

“…The SICM mode makes creation of meaningful arc injection attacks much more difficult, but it does not prevent them. Complete protection from such attacks may be provided by using a dedicated resource to store allowed targets of indirect jumps and a secure stack [8], or by using data encryption.…”

Section: Secure Program Installationmentioning

confidence: 99%

A low overhead hardware technique for software integrity and confidentiality

Rogers

Milenković

2007

2007 25th International Conference on Computer Design

View full text Add to dashboard Cite

show abstract

“…It has been extensively studied for applications in fault tolerance [4,5,8,9,10,11,12,13,14,16] and computer security [1,2,18]. CFC techniques are either implemented in hardware using an on-chip monitor or watchdog processor (WP) [2,4,5,8,9,10,11,13,14,18] (or equivalently, an off-chip WP in systems without on-chip caches) or in software [1,12,16]. Hardware implemented CFC using on-chip WPs have the advantages of potentially low performance overheads, but also the disadvantage of imposing appreciable processor chip-area overhead that can indirectly lower performance (some high-performance enabling hardware has to be left out when the die area is a constraint) or result in higher cost (due to increased die area).…”

Section: Control Flow Checking (Cfc)mentioning

confidence: 99%

“…Hardware implemented CFC using on-chip WPs have the advantages of potentially low performance overheads, but also the disadvantage of imposing appreciable processor chip-area overhead that can indirectly lower performance (some high-performance enabling hardware has to be left out when the die area is a constraint) or result in higher cost (due to increased die area). Software-based CFCs can work with any commodity processor but have the disadvantage of high performance overheads, as well as vulnerability to security attacks [18]. In this paper, we develop techniques for off-chip hardware-based CFC that have little of the above disadvantages of on-chip and software techniques, but have most of their advantages.…”

Section: Control Flow Checking (Cfc)mentioning

confidence: 99%

Off-Chip Control Flow Checking of On-Chip Processor-Cache Instruction Stream

Rota

Dutt

Krishna

2006

2006 21st IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems

View full text Add to dashboard Cite

Control flow checking (CFC) is a well known concurrent checking technique for ensuring that a program's instruction execution sequence follows permissible paths. Almost all CFC techniques require direct access to the CPU-cache bus, meaning that the checking hardware (generally called a watchdog processor (WP)) has to be on-chip. However, an on-chip WP directly accessing the CPU-cache bus has a few disadvantages chief among them being that it will use up appreciable chip real estate of a commodity processor, but may be unnecessary in most environments that do not have significant transient error rates. On the other hand, if an off-chip CFC technique can be developed that imposes minor hardware overheads on the processor chip, then such a WP can be plugged onto the external system bus when needed for concurrent checking, and will have very little of the disadvantages of on-chip WPs. Such an off-chip WP, however, will not generally be able to monitor all instructions due to the bandwidth difference between the CPU bus and the system or memory bus. We present techniques that allow generally effective off-chip CFC using partial access to the instruction execution stream that respects the CPU/system bus bandwidth factor (ratio) K, and still achieve reasonable block-level instruction error coverage ranging from 70-80% for K = 5 to about 94% for a K = 2. Furthermore, our experimental results show that the program-level error coverage is almost 100% even for K = 5 (i.e., we will almost always detect the presence of an instruction error in a program sooner or later before it completes execution, which is useful for fail-safe operation), underscoring the efficacy of our methods.

show abstract

Anomalous path detection with hardware support

Cited by 55 publications

References 19 publications

Architectural Support for Run-Time Validation of Control Flow Transfer

Architectural Support for Run-Time Validation of Control Flow Transfer

A low overhead hardware technique for software integrity and confidentiality

Off-Chip Control Flow Checking of On-Chip Processor-Cache Instruction Stream

Contact Info

Product

Resources

About