ABSTRACT
Dynamic information flow tracking (DIFT) has been shown to be an effective security measure for detecting both memory corruption attacks and semantic attacks at run-time on a wide range of systems, from embedded systems and mobile devices to cloud computing. When DIFT is applied to multi-threaded applications running on multi-core architectures, data processing and metadata processing are normally decoupled, i.e., performed in different places at different times. Therefore, if metadata accesses do not occur in the same order as the corresponding data accesses, inconsistencies may arise that reduce the security effectiveness of DIFT. Avoiding such inconsistency between data access and metadata access, i.e., maintaining metadata coherence, has become a challenging issue. In this paper, we propose METACE (METAdata Coherence Enforcement). METACE includes an architectural enhancement in the memory management unit and leverages the existing cache coherence hardware and protocol to enforce metadata coherence. It introduces minimal changes to cores, coprocessors, and the memory hierarchy. It covers the complete set of data dependencies without deadlocks and is compatible with different memory consistency models. Our approach does not require modification of the source code. METACE supports out-of-order metadata access, resulting in less performance degradation than previous approaches.
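The ordering problem the abstract describes can be shown with a small simulation. This is an added example, not code from the paper, and it does not model METACE's hardware; the three-access trace, the address names `A` and `B`, and all function names are constructed for illustration.

```python
from itertools import permutations

# Constructed trace, listed in the order the data accesses reached memory.
# Each entry is (core, dst, src): src "IN" is untrusted input, "K" is a
# constant, anything else is the address the value was copied from.
TRACE = [
    (0, "A", "IN"),  # core 0 stores untrusted input to A
    (1, "B", "A"),   # core 1 copies A to B
    (0, "A", "K"),   # core 0 overwrites A with a constant
]

def propagate(ops):
    """Apply taint propagation to ops in the given order; return final tags."""
    tags = {}
    for _core, dst, src in ops:
        if src == "IN":
            tags[dst] = True
        elif src == "K":
            tags[dst] = False
        else:
            tags[dst] = tags.get(src, False)
    return tags

def decoupled_orders(trace):
    """Every metadata order that preserves only per-core program order."""
    n = len(trace)
    orders = []
    for perm in permutations(range(n)):
        keeps_program_order = all(
            perm.index(i) < perm.index(j)
            for i in range(n) for j in range(i + 1, n)
            if trace[i][0] == trace[j][0]
        )
        if keeps_program_order:
            orders.append([trace[i] for i in perm])
    return orders

def missed_taint(trace):
    """Metadata orders whose final tags differ from the data-order result."""
    truth = propagate(trace)
    return [o for o in decoupled_orders(trace) if propagate(o) != truth]

if __name__ == "__main__":
    print("tags in data order:", propagate(TRACE))
    for order in missed_taint(TRACE):
        print("inconsistent order:", order, "->", propagate(order))
```

In the data order, `B` ends up holding untrusted input and is tagged as tainted; in the other two metadata orders, `B` is left untagged, which is the false negative that metadata coherence is meant to prevent.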