Architectural support for run-time validation of control flow transfer

Yixin Shi, Sean Dempsey, Kyung Ho Lee

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

7 Citations (Scopus)

Abstract

Current micro-architecture blindly uses the address in the program counter to fetch and execute instructions without validating its legitimacy. Whenever this blind-folded instruction sequencing is not properly addressed at a higher level by the system, it becomes a vulnerability to control-data attacks, today's dominant and most critical security threat. To remedy this, the paper proposes a micro-architectural mechanism that validates control flow transfers at run time, at the machine instruction level. A hardware table of legitimate indirect branch and target pairs (IBPs) aids the validation. The IBP table is implemented as a cascading Bloom filter, which both stores the security information and enables fast validation. Based on the key observation that the branch prediction unit present in most speculative-execution processors already provides a portion of the control flow validation, our scheme activates the validation only on indirect branch mis-predictions. Because of the Bloom filter and the rarity of indirect branch mis-predictions, the validation incurs moderate storage overhead and little performance penalty.

Original language: English
Title of host publication: IEEE International Conference on Computer Design, ICCD 2006
Pages: 506-513
Number of pages: 8
DOIs: https://doi.org/10.1109/ICCD.2006.4380863
Publication status: Published - 2006 Dec 1
Externally published: Yes
Event: 24th International Conference on Computer Design 2006, ICCD - San Jose, CA, United States
Duration: 2006 Oct 1 to 2006 Oct 4

Other

Other: 24th International Conference on Computer Design 2006, ICCD
Country: United States
City: San Jose, CA
Period: 06/10/1 to 06/10/4

Fingerprint

Flow control
Hardware

ASJC Scopus subject areas

  • Computer Graphics and Computer-Aided Design
  • Software

Cite this

Shi, Y., Dempsey, S., & Lee, K. H. (2006). Architectural support for run-time validation of control flow transfer. In IEEE International Conference on Computer Design, ICCD 2006 (pp. 506-513). [4380863] https://doi.org/10.1109/ICCD.2006.4380863

@inproceedings{23a44eeceec14d8d8aceb8f880aadde6,
title = "Architectural support for run-time validation of control flow transfer",
abstract = "Current micro-architecture blindly uses the address in the program counter to fetch and execute instructions without validating its legitimacy. Whenever this blind-folded instruction sequencing is not properly addressed at a higher level by system, it becomes a vulnerability of control data attacks, today's dominant and most critical security threats. To remedy it, this paper proposes a micro-architectural mechanism to validate control flow transfer at run-time at machine instruction level. It is proposed to have a hardware table consisting of legitimate indirect branches and their target pairs (IBPs) to aid the validation. The IBP table is implemented in the form of a cascading Bloom filter to store the security information as well as to enable fast validating. Based on a key observation that branch prediction unit existing in most speculative-execution processors already provides a portion of the control flow validation, our scheme activates the validation only on indirect branch mis-predictions. Because of the Bloom filter and the rarity of mis-predictions of indirect branches, the validation incurs moderate storage overhead and little performance penalty.",
author = "Yixin Shi and Sean Dempsey and Lee, {Kyung Ho}",
year = "2006",
month = "12",
day = "1",
doi = "10.1109/ICCD.2006.4380863",
language = "English",
pages = "506--513",
booktitle = "IEEE International Conference on Computer Design, ICCD 2006",

}

TY - GEN

T1 - Architectural support for run-time validation of control flow transfer

AU - Shi, Yixin

AU - Dempsey, Sean

AU - Lee, Kyung Ho

PY - 2006/12/1

Y1 - 2006/12/1

N2 - Current micro-architecture blindly uses the address in the program counter to fetch and execute instructions without validating its legitimacy. Whenever this blind-folded instruction sequencing is not properly addressed at a higher level by system, it becomes a vulnerability of control data attacks, today's dominant and most critical security threats. To remedy it, this paper proposes a micro-architectural mechanism to validate control flow transfer at run-time at machine instruction level. It is proposed to have a hardware table consisting of legitimate indirect branches and their target pairs (IBPs) to aid the validation. The IBP table is implemented in the form of a cascading Bloom filter to store the security information as well as to enable fast validating. Based on a key observation that branch prediction unit existing in most speculative-execution processors already provides a portion of the control flow validation, our scheme activates the validation only on indirect branch mis-predictions. Because of the Bloom filter and the rarity of mis-predictions of indirect branches, the validation incurs moderate storage overhead and little performance penalty.

UR - http://www.scopus.com/inward/record.url?scp=49749131966&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=49749131966&partnerID=8YFLogxK

U2 - 10.1109/ICCD.2006.4380863

DO - 10.1109/ICCD.2006.4380863

M3 - Conference contribution

SP - 506

EP - 513

BT - IEEE International Conference on Computer Design, ICCD 2006

ER -