Architectural Support for Run-Time Validation of Program Data Properties

As computer systems penetrate deeper into our lives and handle private data, safety-critical applications, and transactions of high monetary value, efforts to breach their security also assume significant dimensions way beyond an amateur hacker´s play. Until now, security was always an afterthought. This is evident in regular updates to antivirus software, patches issued by vendors after software bugs are discovered, etc. However, increasingly, we are realizing the need to incorporate security during the design of a system, be it software or hardware. We invoke this philosophy in the design of a hardware-based system to enable protection of a program´s data during execution. In this paper, we develop a general framework that provides security assurance against a wide class of security attacks. Our work is based on the observation that a program´s normal or permissible behavior with respect to data accesses can be characterized by various properties. We present a hardware/software approach wherein such properties can be encoded as data attributes and enforced as security policies during program execution. These policies may be application- specific (e.g., access control for certain data structures), compiler- generated (e.g., enforcing that variables are accessed only within their scope), or universally applicable to all programs (e.g., disallowing WRITES to unallocated memory). We show how an embedded system architecture can support such policies by: 1) enhancing the memory hierarchy to represent the attributes of each datum as security tags that are linked to it throughout its lifetime and 2) adding a configurable hardware checker that interprets the semantics of the tags and enforces the desired security policies. We evaluated the effectiveness of the proposed architecture in enforcing various security policies for several embedded benchmark applications. Our experiments in the context of the Simplescalar framework demonstrate that the proposed solution ensures- run-time validation of application-defined data properties with minimal execution time overheads.