Abstract
Current micro-architecture blindly uses the address in the program counter to fetch and execute instructions without validating its legitimacy. Whenever this blind-folded instruction sequencing is not properly addressed at a higher level by system, it becomes a vulnerability of control data attacks, today's dominant and most critical security threats. To remedy it, this paper proposes a micro-architectural mechanism to validate control flow transfer at run-time at machine instruction level. It is proposed to have a hardware table consisting of legitimate indirect branches and their target pairs (IBPs) to aid the validation. The IBP table is implemented in the form of a cascading Bloom filter to store the security information as well as to enable fast validating. Based on a key observation that branch prediction unit existing in most speculative-execution processors already provides a portion of the control flow validation, our scheme activates the validation only on indirect branch mis-predictions. Because of the Bloom filter and the rarity of mis-predictions of indirect branches, the validation incurs moderate storage overhead and little performance penalty.
| Original language | English |
|---|---|
| Pages | 506-513 |
| Number of pages | 8 |
| DOIs | |
| Publication status | Published - 2006 |
| Event | 24th International Conference on Computer Design 2006, ICCD - San Jose, CA, United States Duration: 2006 Oct 1 → 2006 Oct 4 |
Other
| Other | 24th International Conference on Computer Design 2006, ICCD |
|---|---|
| Country/Territory | United States |
| City | San Jose, CA |
| Period | 06/10/1 → 06/10/4 |
ASJC Scopus subject areas
- Computer Graphics and Computer-Aided Design
- Software