Article

IMPRES: integrated monitoring for processor reliability and security

Authors:

Roshan G. Ragel,

Sri ParameswaranAuthors Info & Claims

DAC '06: Proceedings of the 43rd annual Design Automation Conference

Pages 502 - 505

https://doi.org/10.1145/1146909.1147041

Published: 24 July 2006 Publication History

Abstract

Security and reliability in processor based systems are concernsrequiring adroit solutions.Securityis often compromised by code injection attacks, jeopardizing even `trusted software'.Reliabilityis of concern where unintended code is executed in modern processors with ever smaller feature sizes and low voltage swings causing bit flips. Countermeasures by software-only approaches increasecodesize by large amounts and therefore significantly reduce performance. Hardware assisted approaches add extensive amountsofhardware monitors and thus incur unacceptably highhardware cost. This paper presents a novel hardware/softwaretechniqueat the granularity of micro-instructions to reduce overheads considerably. Experiments show thatour technique incurs an additional hardware overhead of 0.91% and clock period increase of 0.06%. Average clock cycle and code size overheads are just 11.9% and 10.6% forfive industrystandard application benchmarks. These overheads are far smaller than have been previously encountered.

References

[1]

D. Arora et al. Secure embedded processing through hardware-assisted runtime monitoring. In Proceedings of the DATE'05, volume 1, 2005.

Digital Library

[2]

D. Burger and T. M. Austin. The simplescalar tool set, version 2.0. SIGARCH Comput. Archit. News, 25(3):13--25, 1997.

Digital Library

[3]

C. Cowan et al. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. In Proc. 7th USENIX Security Conference, pages 63--78, San Antonio, Texas, 1998.

Digital Library

[4]

J. G. Dyer et al. Building the ibm 4758 secure coprocessor. Computer, 34(10):57--66, 2001.

Digital Library

[5]

Gunter Ollmann. Second-order Code Injection Attacks: Advanced Code Injection Techniques and Testing Procedures, 2003.

[6]

M. R. Guthaus et al. Mibench: A free, commercially representative Embedded Benchmark Suite. In IEEE 4th Annual Workshop on Workload Characterization, Austin, TX, pages 83--94, December 2001.

Digital Library

[7]

T. Jim et al. Cyclone: A Safe Dialect of C. In In USENIX annual technical conference, Monterey, CA, June 2002., 2002.

Digital Library

[8]

R. Lee et al. Enlisting hardware architecture to thwart malicious code injection. In Proceedings of the International Conference on Security in Pervasive Computing. Springer Verlag LNCS, March 2003.

[9]

J. McGregor et al. A processor architecture defense against buffer overflow attacks. In Proceedings of the SPC'03, pages 237--252. Springer Verlag, March 2003.

[10]

G. C. Necula. Proof-Carrying Code. In Proceedings of POPL'97, pages 106--119, Paris, France, Jan 1997.

Digital Library

[11]

J. Peddersen et al. Rapid Embedded Hardware/Software System Generation. In 18th International Conference on VLSI Design held jointly with 4th International Conference on Embedded Systems Design (VLSID'05), pages 111--116, January 2005.

Digital Library

[12]

R. G. Ragel and S. Parameswaran. Soft error detection and recovery in application specific instruction-set processors. In Proceedings of the SELSE-1, April 2005.

[13]

R. G. Ragel, S. Parameswaran, and S. M. Kia. Micro Embedded Monitoring for Security in Application Specific Instruction-set Processors. In Proceedings of the CASES'05. ACM Press, September 2005.

Digital Library

[14]

S. Ravi et al. Security in embedded systems: Design challenges. Trans. on Embedded Computing Sys., 3(3):461--491, 2004.

Digital Library

[15]

The PEAS Team. ASIP Meister, http://www.eda-meister.org/asip-meister/, 2002.

[16]

The Synopsys Team. Synopsys Design Compiler, The industry standard for logic synthesis. http://www.synopsys.com/.

[17]

D. Wagner et al. A first step towards automated detection of buffer overrun vulnerabilities. In Network and Distributed System Security Symposium, pages 3--17, San Diego, CA, February 2000.

[18]

G. Wurster, P. C. van Oorschot, and A. Somayaji. A generic attack on checksumming-based software tamper resistance. In SP '05: Proceedings of the 2005 IEEE Symposium on Security and Privacy, pages 127--138, Washington, DC, USA, 2005. IEEE Computer Society.

Digital Library

[19]

J. Xu et al. Architecture support for defending against buffer overflow attacks. In EASY-2 Workshop, October 2002.

[20]

Y. Younan, W. Joosen, and F. Piessens. Code injection in C and CPP: A Survey of Vulnerabilities and Countermeasure, July 2004.

Cited By

Yilmaz BWerner FPark SUgurlu EJorgensen EPrvulovic MZajic A(2023)MarCNNet: A Markovian Convolutional Neural Network for Malware Detection and Monitoring Multi-Core SystemsIEEE Transactions on Computers10.1109/TC.2022.318452072:4(1122-1135)Online publication date: 1-Apr-2023
https://doi.org/10.1109/TC.2022.3184520
Gonçalves CAntunes NVieira M(2023)Intrusion Injection for Virtualized Systems: Concepts and Approach2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN58367.2023.00047(417-430)Online publication date: Jun-2023
https://doi.org/10.1109/DSN58367.2023.00047
Huang IKe YPao S(2022)Critical Signature Assertion and On-the-Fly Recovery for Control Flow Errors in Processors2022 IEEE 15th International Symposium on Embedded Multicore/Many-core Systems-on-Chip (MCSoC)10.1109/MCSoC57363.2022.00052(284-290)Online publication date: Dec-2022
https://doi.org/10.1109/MCSoC57363.2022.00052
Show More Cited By

Index Terms

IMPRES: integrated monitoring for processor reliability and security
1. Hardware
  1. Hardware test
  2. Robustness

Recommendations

An evaluation of speculative instruction execution on simultaneous multithreaded processors

Modern superscalar processors rely heavily on speculative execution for performance. For example, our measurements show that on a 6-issue superscalar, 93% of committed instructions for SPECINT95 are speculative. Without speculation, processor resources ...
Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

Recent research on transient execution vulnerabilities shows that current processors exceed our levels of understanding. The prominent Meltdown and Spectre attacks abruptly revealed fundamental design flaws in CPU pipeline behavior and exception ...
Sentinel scheduling: a model for compiler-controlled speculative execution

Speculative execution is an important source of parallelism for VLIW and superscalar processors. A serious challenge with compiler-controlled speculative execution is to efficiently handle exceptions for speculative instructions. In this article, a set ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

DAC '06: Proceedings of the 43rd annual Design Automation Conference

July 2006

1166 pages

ISBN:1595933816

DOI:10.1145/1146909

General Chair:
Ellen M. Sentovich
Cadence Berkeley Labs, Berkeley, CA

Copyright © 2006 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 July 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

DAC06

Sponsor:

DAC06: The 43rd Annual Design Automation Conference 2006

July 24 - 28, 2006

CA, San Francisco, USA

Acceptance Rates

Overall Acceptance Rate 1,770 of 5,499 submissions, 32%

Upcoming Conference

DAC '25

Sponsor:
sigda

62nd ACM/IEEE Design Automation Conference

June 22 - 26, 2025

San Francisco , CA , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

43
Total Citations
View Citations
428
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Yilmaz BWerner FPark SUgurlu EJorgensen EPrvulovic MZajic A(2023)MarCNNet: A Markovian Convolutional Neural Network for Malware Detection and Monitoring Multi-Core SystemsIEEE Transactions on Computers10.1109/TC.2022.318452072:4(1122-1135)Online publication date: 1-Apr-2023
https://doi.org/10.1109/TC.2022.3184520
Gonçalves CAntunes NVieira M(2023)Intrusion Injection for Virtualized Systems: Concepts and Approach2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN58367.2023.00047(417-430)Online publication date: Jun-2023
https://doi.org/10.1109/DSN58367.2023.00047
Huang IKe YPao S(2022)Critical Signature Assertion and On-the-Fly Recovery for Control Flow Errors in Processors2022 IEEE 15th International Symposium on Embedded Multicore/Many-core Systems-on-Chip (MCSoC)10.1109/MCSoC57363.2022.00052(284-290)Online publication date: Dec-2022
https://doi.org/10.1109/MCSoC57363.2022.00052
Mansour CChasaki D(2019)Adaptive security monitoring for next-generation routersEURASIP Journal on Embedded Systems10.1186/s13639-018-0087-02019:1Online publication date: 10-Jan-2019
https://doi.org/10.1186/s13639-018-0087-0
Pouraghily AWolf T(2019)Securing IoT Protocol Implementations Through Hardware Monitoring2019 IEEE 16th International Conference on Mobile Ad Hoc and Sensor Systems (MASS)10.1109/MASS.2019.00061(467-475)Online publication date: Nov-2019
https://doi.org/10.1109/MASS.2019.00061
Du PWang XWang WLi LXia TLi H(2018)Hardware-assisted integrity monitor based on lightweight hash functionIEICE Electronics Express10.1587/elex.15.2018010715:10(20180107-20180107)Online publication date: 2018
https://doi.org/10.1587/elex.15.20180107
Wang QGuo WWei J(2018)An efficient control flow validation method using redundant computing capacity of dual-processor architecturePLOS ONE10.1371/journal.pone.020112713:8(e0201127)Online publication date: 1-Aug-2018
https://doi.org/10.1371/journal.pone.0201127
Kan SDworak J(2018)Can Soft Errors be Handled Securely?2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI)10.1109/ISVLSI.2018.00032(124-129)Online publication date: Jul-2018
https://doi.org/10.1109/ISVLSI.2018.00032
Yu QZhang ZDofe J(2018)Investigating Reliability and Security of Integrated Circuits and Systems2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI)10.1109/ISVLSI.2018.00029(106-111)Online publication date: Jul-2018
https://doi.org/10.1109/ISVLSI.2018.00029
Luan GBai YWang CZeng JChen Q(2018)An Efficient Checkpoint and Recovery Mechanism for Real-Time Embedded Systems2018 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Ubiquitous Computing & Communications, Big Data & Cloud Computing, Social Computing & Networking, Sustainable Computing & Communications (ISPA/IUCC/BDCloud/SocialCom/SustainCom)10.1109/BDCloud.2018.00123(824-831)Online publication date: Dec-2018
https://doi.org/10.1109/BDCloud.2018.00123
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten