Title :
An Efficient Hardware Support for Control Data Validation
Author :
Park, Yong-Joon ; Zhang, Zhao ; Lee, Gyungho
Author_Institution :
Iowa State Univ., Ames
Abstract :
Software-based, fine-grain control flow integrity (CFI) validation technique has been proposed to enforce control flow integrity of program execution. By validating every indirect branch instruction, it can prevent various control flow attacks, but at the cost of non-trivial overhead: up to 50% and on average 21% as reported in a case study. We propose a new hardware mechanism to accelerate the CFI validation. It utilizes the branch prediction unit of modern processors to reduce the frequency of necessary validation, and proposes to use a small hardware structure called indirect branch filter cache (IBF cache) to further reduce the frequency of validation. The small IBF cache buffers and reuses previous validation results, which dramatically reduces the frequency of validation for all workloads we have studied. We collect the trace of indirect branch of various workloads on an Intel P4 computer and conduct trace-based simulation to estimate the performance overhead. Our results show that the overhead is negligible for all SPEC CPU2000int, SPEC CPU2006intprograms, TPC-C, WebStone and FTP server benchmarks.
Keywords :
cache storage; data flow analysis; data integrity; program control structures; program verification; security of data; Intel P4 computer; control flow attack; data validation; grain control flow integrity; hardware support; indirect branch filter cache buffer; indirect branch instruction; program execution; Acceleration; Computational modeling; Computer security; Computer simulation; Control systems; Costs; Filters; Frequency; Hardware; Indexing;
Conference_Titel :
Application-specific Systems, Architectures and Processors, 2007. ASAP. IEEE International Conf. on
Conference_Location :
Montreal, Que.
Print_ISBN :
978-1-4244-1026-2
Electronic_ISBN :
2160-0511
DOI :
10.1109/ASAP.2007.4459298
