Abstract
Current micro-architecture blindly uses the address in the program counter to fetch and execute instructions without validating its legitimacy. Whenever this blind-folded instruction sequencing is not properly addressed at a higher level by system, it becomes a vulnerability of control data attacks, today's dominant and most critical security threats. To remedy it, this paper proposes a micro-architectural mechanism to validate control flow transfer at run-time at machine instruction level. It is proposed to have a hardware table consisting of legitimate indirect branches and their target pairs (IBPs) to aid the validation. The IBP table is implemented in the form of a cascading Bloom filter to store the security information as well as to enable fast validating. Based on a key observation that branch prediction unit existing in most speculative-execution processors already provides a portion of the control flow validation, our scheme activates the validation only on indirect branch mis-predictions. Because of the Bloom filter and the rarity of mis-predictions of indirect branches, the validation incurs moderate storage overhead and little performance penalty.
Original language | English |
---|---|
Pages | 506-513 |
Number of pages | 8 |
DOIs | |
Publication status | Published - 2006 |
Event | 24th International Conference on Computer Design 2006, ICCD - San Jose, CA, United States Duration: 2006 Oct 1 → 2006 Oct 4 |
Other
Other | 24th International Conference on Computer Design 2006, ICCD |
---|---|
Country/Territory | United States |
City | San Jose, CA |
Period | 06/10/1 → 06/10/4 |
ASJC Scopus subject areas
- Computer Graphics and Computer-Aided Design
- Software