Architectural support for run-time validation of control flow transfer

Yixin Shi; Sean Dempsey; Kyung Ho Lee

doi:10.1109/ICCD.2006.4380863

Architectural support for run-time validation of control flow transfer

Yixin Shi, Sean Dempsey, Kyung Ho Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Citations (Scopus)

Abstract

Current micro-architecture blindly uses the address in the program counter to fetch and execute instructions without validating its legitimacy. Whenever this blind-folded instruction sequencing is not properly addressed at a higher level by system, it becomes a vulnerability of control data attacks, today's dominant and most critical security threats. To remedy it, this paper proposes a micro-architectural mechanism to validate control flow transfer at run-time at machine instruction level. It is proposed to have a hardware table consisting of legitimate indirect branches and their target pairs (IBPs) to aid the validation. The IBP table is implemented in the form of a cascading Bloom filter to store the security information as well as to enable fast validating. Based on a key observation that branch prediction unit existing in most speculative-execution processors already provides a portion of the control flow validation, our scheme activates the validation only on indirect branch mis-predictions. Because of the Bloom filter and the rarity of mis-predictions of indirect branches, the validation incurs moderate storage overhead and little performance penalty.

Original language	English
Title of host publication	IEEE International Conference on Computer Design, ICCD 2006
Pages	506-513
Number of pages	8
DOIs	https://doi.org/10.1109/ICCD.2006.4380863
Publication status	Published - 2006 Dec 1
Externally published	Yes
Event	24th International Conference on Computer Design 2006, ICCD - San Jose, CA, United States Duration: 2006 Oct 1 → 2006 Oct 4

Other

Other	24th International Conference on Computer Design 2006, ICCD
Country	United States
City	San Jose, CA
Period	06/10/1 → 06/10/4

Fingerprint

Flow control

Hardware

ASJC Scopus subject areas

Computer Graphics and Computer-Aided Design
Software

Cite this

Shi, Y., Dempsey, S., & Lee, K. H. (2006). Architectural support for run-time validation of control flow transfer. In IEEE International Conference on Computer Design, ICCD 2006 (pp. 506-513). [4380863] https://doi.org/10.1109/ICCD.2006.4380863

Architectural support for run-time validation of control flow transfer. / Shi, Yixin; Dempsey, Sean; Lee, Kyung Ho.

IEEE International Conference on Computer Design, ICCD 2006. 2006. p. 506-513 4380863.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Shi, Y, Dempsey, S & Lee, KH 2006, Architectural support for run-time validation of control flow transfer. in IEEE International Conference on Computer Design, ICCD 2006., 4380863, pp. 506-513, 24th International Conference on Computer Design 2006, ICCD, San Jose, CA, United States, 06/10/1. https://doi.org/10.1109/ICCD.2006.4380863

Shi Y, Dempsey S, Lee KH. Architectural support for run-time validation of control flow transfer. In IEEE International Conference on Computer Design, ICCD 2006. 2006. p. 506-513. 4380863 https://doi.org/10.1109/ICCD.2006.4380863

Shi, Yixin ; Dempsey, Sean ; Lee, Kyung Ho. / Architectural support for run-time validation of control flow transfer. IEEE International Conference on Computer Design, ICCD 2006. 2006. pp. 506-513

@inproceedings{23a44eeceec14d8d8aceb8f880aadde6,

title = "Architectural support for run-time validation of control flow transfer",

abstract = "Current micro-architecture blindly uses the address in the program counter to fetch and execute instructions without validating its legitimacy. Whenever this blind-folded instruction sequencing is not properly addressed at a higher level by system, it becomes a vulnerability of control data attacks, today's dominant and most critical security threats. To remedy it, this paper proposes a micro-architectural mechanism to validate control flow transfer at run-time at machine instruction level. It is proposed to have a hardware table consisting of legitimate indirect branches and their target pairs (IBPs) to aid the validation. The IBP table is implemented in the form of a cascading Bloom filter to store the security information as well as to enable fast validating. Based on a key observation that branch prediction unit existing in most speculative-execution processors already provides a portion of the control flow validation, our scheme activates the validation only on indirect branch mis-predictions. Because of the Bloom filter and the rarity of mis-predictions of indirect branches, the validation incurs moderate storage overhead and little performance penalty.",

author = "Yixin Shi and Sean Dempsey and Lee, {Kyung Ho}",

year = "2006",

month = "12",

day = "1",

doi = "10.1109/ICCD.2006.4380863",

language = "English",

pages = "506--513",

booktitle = "IEEE International Conference on Computer Design, ICCD 2006",

}

TY - GEN

T1 - Architectural support for run-time validation of control flow transfer

AU - Shi, Yixin

AU - Dempsey, Sean

AU - Lee, Kyung Ho

PY - 2006/12/1

Y1 - 2006/12/1

N2 - Current micro-architecture blindly uses the address in the program counter to fetch and execute instructions without validating its legitimacy. Whenever this blind-folded instruction sequencing is not properly addressed at a higher level by system, it becomes a vulnerability of control data attacks, today's dominant and most critical security threats. To remedy it, this paper proposes a micro-architectural mechanism to validate control flow transfer at run-time at machine instruction level. It is proposed to have a hardware table consisting of legitimate indirect branches and their target pairs (IBPs) to aid the validation. The IBP table is implemented in the form of a cascading Bloom filter to store the security information as well as to enable fast validating. Based on a key observation that branch prediction unit existing in most speculative-execution processors already provides a portion of the control flow validation, our scheme activates the validation only on indirect branch mis-predictions. Because of the Bloom filter and the rarity of mis-predictions of indirect branches, the validation incurs moderate storage overhead and little performance penalty.

AB - Current micro-architecture blindly uses the address in the program counter to fetch and execute instructions without validating its legitimacy. Whenever this blind-folded instruction sequencing is not properly addressed at a higher level by system, it becomes a vulnerability of control data attacks, today's dominant and most critical security threats. To remedy it, this paper proposes a micro-architectural mechanism to validate control flow transfer at run-time at machine instruction level. It is proposed to have a hardware table consisting of legitimate indirect branches and their target pairs (IBPs) to aid the validation. The IBP table is implemented in the form of a cascading Bloom filter to store the security information as well as to enable fast validating. Based on a key observation that branch prediction unit existing in most speculative-execution processors already provides a portion of the control flow validation, our scheme activates the validation only on indirect branch mis-predictions. Because of the Bloom filter and the rarity of mis-predictions of indirect branches, the validation incurs moderate storage overhead and little performance penalty.

UR - http://www.scopus.com/inward/record.url?scp=49749131966&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=49749131966&partnerID=8YFLogxK

U2 - 10.1109/ICCD.2006.4380863

DO - 10.1109/ICCD.2006.4380863

M3 - Conference contribution

SP - 506

EP - 513

BT - IEEE International Conference on Computer Design, ICCD 2006

ER -

Access to Document

10.1109/ICCD.2006.4380863