Leveraging speculative architectures for runtime program validation

Published: 05 September 2013

Abstract

Program execution can be tampered with by malicious attackers through exploiting software vulnerabilities. Changing the program behavior by compromising control data and decision data has become the most serious threat in computer system security. Although several hardware approaches have been presented to validate program execution, they either incur great hardware overhead or introduce false alarms. We propose a new hardware-based approach by leveraging the existing speculative architectures for runtime program validation. The on-chip branch target buffer (BTB) is utilized as a cache of the legitimate control flow transfers stored in a secure memory region. In addition, the BTB is extended to store the correct program path information. At each indirect branch site, the BTB is used to validate the decision history of previous conditional branches and monitor the following execution path at runtime. Implementation of this approach is transparent to the upper operating system and programs. Thus, it is applicable to legacy code. Because of good code locality of the executable programs and effectiveness of branch prediction, the frequency of control-flow validations against the secure off-chip memory is low. Our experimental results show a negligible performance penalty and small storage overhead.


Published In

ACM Transactions on Embedded Computing Systems, Volume 13, Issue 1
August 2013
332 pages
ISSN:1539-9087
EISSN:1558-3465
DOI:10.1145/2501626

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 September 2013
Accepted: 01 January 2012
Revised: 01 June 2011
Received: 01 August 2009
Published in TECS Volume 13, Issue 1

Author Tags

  1. Program validation
  2. control flow validation
  3. security attacks

Qualifiers

  • Research-article
  • Research
  • Refereed
