Abstract
This paper presents a micro-architectural enhancement, named Indirect Branch Validation Unit (IBVU), to prevent malicious attacks from compromising the control data of the program. The IBVU provides a run-time control flow protection by validating a dynamic instance of an indirect branch's address and its target address - indirect branch pair (IBP), which represents the program behavior. To validate an IBP at run-time with little performance and storage overhead, the IBVU employs a Bloom filter, a hashing based bit vector representation for querying a set membership. Two organizations trading off of the access delay and space in VLSI design are provided, and three commonly used hashing schemes are evaluated for the performance impact as well as the area overhead. Recognizing potential false positives from adopting the Bloom filter, consideration of reducing it per the Bloom filter's design parameters is discussed, while the difficulty of utilizing the false positives due to hashing based indexing of the Bloom filter for malicious attack is noted.
| Original language | English |
|---|---|
| Pages (from-to) | 461-468 |
| Number of pages | 8 |
| Journal | Microprocessors and Microsystems |
| Volume | 33 |
| Issue number | 7-8 |
| DOIs | |
| Publication status | Published - 2009 Oct |
Keywords
- Branch prediction
- Control data
- Indirect branch
- Software attack
ASJC Scopus subject areas
- Software
- Hardware and Architecture
- Computer Networks and Communications
- Artificial Intelligence