research-article

Micro-architectural support for metadata coherence in multi-core dynamic information flow tracking

Authors:
Juan Carlos Martínez Santos

Northeaster University, Boston, Massachusetts

Northeaster University, Boston, Massachusetts
View Profile

,
Yunsi Fei

Northeaster University, Boston, Massachusetts

Northeaster University, Boston, Massachusetts
View Profile

HASP '13: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and PrivacyJune 2013Article No.: 6Pages 1–8https://doi.org/10.1145/2487726.2487732

Published:23 June 2013Publication History

HASP '13: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy

Pages 1–8

ABSTRACT

Dynamic information flow tracking (DIFT) has shown to be an effective security measure for detecting both memory corruption attacks and semantic attacks at run-time on a wild range of systems from embedded systems and mobile devices to cloud computing. When applying DIFT to multi-thread applications running on multi-core architectures, the data processing and metadata processing are normally decoupled, i.e., being performed in different places at different times. Therefore, if the metadata access is not in the same order as data access, inconsistency issues may arise, which would reduce the security effectiveness of DIFT. Avoiding such inconsistency between data access and metadata access, i.e., maintaining metadata coherence, has become a challenging issue. In this paper, we propose METACE (METAdata Coherence Enforcement). METACE includes architectural enhancement in the memory management unit and leverages the existing cache coherence hardware and protocol to enforce metadata coherence. It introduces minimum changes to cores, coprocessors, and the memory hierarchy. It covers the complete set of data dependencies without deadlocks and is compatible with different memory consistency models. Our approach does not require modification of the source code. METACE supports out-of-order metadata access resulting in less performance degradation than previous approaches.

References

C. Bienia. Benchmarking Modern Multiprocessors. PhD thesis, Princeton University, January 2011. Google ScholarDigital Library
S. Chen, J. Xu, N. Nakka, Z. Kalbarczyk, and R. Iyer. Defeating memory corruption attacks via pointer taintedness detection. In Proc. Int. Conf. on Dependable Systems & Networks, pages 378--387, June 2005. Google ScholarDigital Library
Y. Chen, W. Hu, T. Chen, and R. Wu. LReplay: a pending period based deterministic replay scheme. SIGARCH Comput. Archit. News, 38(3):187--197, June 2010. Google ScholarDigital Library
J. Chung, M. Dalton, H. Kannan, and C. Kozyrakis. Thread-safe dynamic binary translation using transactional memory. In Proc. IEEE Int. Symp. on High Performance Computer Architecture, pages 279--289, Feb. 2008.Google Scholar
J. R. Crandall, S. F. Wu, and F. T. Chong. Minos: Architectural support for protecting control data. ACM Tran. Architecture & Code Optimization, 3(4):359--389, Dec. 2006. Google ScholarDigital Library
M. Dalton, H. Kannan, and C. Kozyrakis. Raksha: A flexible flow architecture for software security. In Proc. Int. Symp. Computer Architecture, pages 482--293, June 2007. Google ScholarDigital Library
D. Y. Deng, D. Lo, G. Malysa, S. Schneider, and G. E. Suh. Flexible and efficient instruction-grained run-time monitoring using on-chip reconfigurable fabric. In Proc. IEEE/ACM Int. Symp. on Microarchitecture, pages 137--148, Dec. 2010. Google ScholarDigital Library
HP Labs. CACTI 5.3. http://quid.hpl.hp.com:9081/cacti/.Google Scholar
H. Kannan. Ordering decoupled metadata accesses in multiprocessors. In Proc. Int. Symp. Microarchitecture, pages 381--390, Dec. 2009. Google ScholarDigital Library
H. Kannan, M. Dalton, and C. Kozyrakis. Decoupling dynamic information flow tracking with a dedicated coprocessor. In Proc. Int. Conf. Dependable Systems & Networks, pages 105--114, Jun. 2009.Google ScholarCross Ref
J. C. Martinez Santos, Y. Fei, and Z. J. Shi. PIFT: Efficient dynamic information flow tracking using secure page allocation. In Proc. Wkshp on Embedded Systems Security, pages 6:1--6:8, Oct. 2009. Google ScholarDigital Library
MOESI Protocol. AMD64 Architecture Programmer's Manual: V2: System Programming. http://support.amd.com/us/Embedded_TechDocs/24593.pdf.Google Scholar
V. Nagarajan and R. Gupta. Architectural support for shadow memory in multiprocessors. In Proc. ACM SIGPLAN/SIGOPS Int. Conf. on Virtual Execution Environments, pages 1--10, Mar. 2009. Google ScholarDigital Library
V. Nagarajan, H.-S. Kim, Y. Wu, and R. Gupta. Dynamic information flow tracking on multicores. In Proc. Wkshp on Interaction between Compilers & Computer Archirectures, 2008.Google Scholar
J. Newsome. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Int. Symp. on Software Testing & Analysis, Feb. 2005.Google Scholar
E. B. Nightingale, D. Peek, P. M. Chen, and J. Flinn. Parallelizing security checks on commodity hardware. In Proc. Int. Conf. Architectural Support for Programming Languages & Operating Systems, pages 308--318, Mar. 2008. Google ScholarDigital Library
F. Qin, C. Wang, Z. Li, H. seop Kim, Y. Zhou, and Y. Wu. LIFT: A low-overhead practical information flow tracking system for detecting security attacks. In IEEE/ACM Int. Symp. on Microarchitecture, pages 135--148, Dec. 2006. Google ScholarDigital Library
O. Ruwase, S. Chen, P. B. Gibbons, and T. C. Mowry. Decoupled lifeguards: Enabling path optimizations for dynamic correctness checking tools. In Proc.ACM SIGPLAN Conf. on Programming Language Design & Implementation, pages 25--35, June 2010. Google ScholarDigital Library
O. Ruwase, P. B. Gibbons, T. C. Mowry, V. Ramachandran, S. Chen, M. Kozuch, and M. Ryan. Parallelizing dynamic information flow tracking. In Proc. Symp. Parallelism in Algorithms & Architectures, pages 35--45, June 2008. Google ScholarDigital Library
R. Shetty, M. Kharbutli, Y. Solihin, and M. Prvulovic. HeapMon: A helper-thread approach to programmable, automatic, and low-overhead memory bug detection. IBM J. Res. Dev., 50:261--275, March 2006. Google ScholarDigital Library
W. Shi, H.-H. S. Lee, L. 'Falk, and M. Ghosh. An integrated framework for dependable and revivable architectures using multicore processors. In Proc. Int. Symp. on Computer Architecture, ISCA '06, pages 102--113, June 2006. Google ScholarDigital Library
SPARC T3-1, SPARC T3-2, SPARC T3-4 and SPARC T3-1B Server Architecture. Sun Oracle. http://www.oracle.com/technetwork/articles/systems-hardware-architecture/sparc-t3-server-architecture-176017.pdf, Febrary 2011.Google Scholar
G. E. Suh, J. W. Lee, D. Zhang, and S. Devadas. Secure program execution via dynamic information flow tracking. In Proc. Int. Conf. on Architectural Support for Programming Languages & Operating Systems, pages 85--96, 2004. Google ScholarDigital Library
M. Susskraut, S. Weigert, U. Schiffel, T. Knauth, M. Nowack, D. B. Brum, and C. Fetzer. Speculation for parallelizing runtime checks. In Proc. Int. Symp. on Stabilization, Safety, & Security of Distributed Systems, pages 698--710, Nov. 2009. Google ScholarDigital Library
M. Takahashi, H. Takano, E. Kaneko, and S. Suzuki. A shared-bus control mechanism and a cache coherence protocol for a high-performance on-chip multiprocessor. In Proc. Int. Symp. on High-Performance Computer Architecture, pages 314--322, Feb. 1996. Google ScholarDigital Library
R. Ubal, J. Sahuquillo, S. Petit, and P. López. Multi2Sim: A Simulation Framework to Evaluate Multicore-Multithreaded Processors. In Proc. Int. Symp. on Computer Architecture and High Performance Computing, Oct. 2007.Google ScholarCross Ref
E. Vlachos, M. L. Goodstein, M. A. Kozuch, S. Chen, B. Falsafi, P. B. Gibbons, and T. C. Mowry. ParaLog: Enabling and accelerating online parallel monitoring of multithreaded applications. In Proc. ACM on Architectural Support for Programming Languages & Operating Systems, pages 271--284, Mar. 2010. Google ScholarDigital Library
G. Voskuilen, F. Ahmad, and T. N. Vijaykumar. Timetraveler: exploiting acyclic races for optimizing memory race recording. SIGARCH Comput. Archit. News, 38(3):198--209, June 2010. Google ScholarDigital Library

Index Terms

Micro-architectural support for metadata coherence in multi-core dynamic information flow tracking

Recommendations

Low-energy volatile STT-RAM cache design using cache-coherence-enabled adaptive refresh

Spin-Torque Transfer RAM (STT-RAM) is a promising candidate for SRAM replacement because of its excellent features, such as fast read access, high density, low leakage power, and CMOS technology compatibility. However, wide adoption of STT-RAM as cache ...
Read More
Compiler-based Attack Origin Tracking with Dynamic Taint Analysis
Information Security and Cryptology – ICISC 2021
Abstract
Over the last decade, many exploit mitigations based on Control Flow Integrity (CFI) have been developed to secure programs from being hijacked by attackers. However, most of them only abort the protected application after attack detection, ...
Read More
Static secure page allocation for light-weight dynamic information flow tracking
CASES '12: Proceedings of the 2012 international conference on Compilers, architectures and synthesis for embedded systems

Dynamic information flow tracking (DIFT) is an effective security countermeasure for both low-level memory corruptions and high-level semantic attacks. However, many software approaches suffer large performance degradation, and hardware approaches have ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
HASP '13: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy
June 2013
77 pages
ISBN:9781450321181
DOI:10.1145/2487726
Conference Chairs:
Ruby Lee
Princeton University
,
Weidong Shi
University of Houston
Copyright © 2013 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 23 June 2013
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
cache coherence
dynamic information flow tracking
metadata coherence
software security
Qualifiers
- research-article
Conference

Acceptance Rates
HASP '13 Paper Acceptance Rate9of13submissions,69%Overall Acceptance Rate9of13submissions,69%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 3
  Total Citations
  View Citations
- 158
  Total Downloads
- Downloads (Last 12 months)4
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Micro-architectural support for metadata coherence in multi-core dynamic information flow tracking

HASP '13: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy

ABSTRACT

References

Cited By

Index Terms

Recommendations

Low-energy volatile STT-RAM cache design using cache-coherence-enabled adaptive refresh

Compiler-based Attack Origin Tracking with Dynamic Taint Analysis

Static secure page allocation for light-weight dynamic information flow tracking