Loading...
Please wait, while we are loading the content...
Similar Documents
From Speculation to Security: Practical and Efficient Information Flow Tracking Using Speculative Hardware
| Content Provider | CiteSeerX |
|---|---|
| Author | Zang, Binyu Chong, Frederic T. Chen, Haibo Yew, Pen-Chung Wu, Xi Yuan, Liwei |
| Abstract | Dynamic information flow tracking (also known as taint tracking) is an appealing approach to combat various security attacks. However, the performance of applications can severely degrade without hardware support for tracking taints. This paper observes that information flow tracking can be efficiently emulated using deferred exception tracking in microprocessors supporting speculative execution. Based on this observation, we propose SHIFT, a low-overhead, software-based dynamic information flow tracking system to detect a wide range of attacks. The key idea is to treat tainted state (describing untrusted data) as speculative state (describing deferred exceptions). SHIFT leverages existing architectural support for speculative execution to track tainted state in registers and needs to instrument only load and store instructions to track tainted state in memory using a bitmap, which results in significant performance advantages. Moreover, by decoupling mechanisms for taint tracking from security policies, SHIFT can detect a wide range of exploits, including high-level semantic attacks. We have implemented SHIFT using the Itanium processor, which has support for deferred exceptions, and by modifying GCC to instrument loads and stores. A security assessment shows that SHIFT can detect both low-level memory corruption exploits as well as high-level semantic attacks with no false positives. Performance measurements show that SHIFT incurs about 1 % overhead for server applications. The performance slowdown for SPEC-INT2000 is 2.81X and 2.27X for tracking at byte-level and wordlevel respectively. Minor architectural improvements to the Itanium processor (adding three simple instructions) can reduce the performance slowdown down to 2.32X and 1.8X for byte-level and word-level tracking, respectively. 1 |
| File Format | |
| Access Restriction | Open |
| Subject Keyword | Taint Tracking Security Assessment Dynamic Information Flow Tracking Hardware Support Simple Instruction Various Security Attack Security Policy Software-based Dynamic Information Flow Store Instruction Information Flow Tracking Performance Measurement Minor Architectural Improvement Significant Performance Advantage Performance Slowdown Word-level Tracking Speculative Execution Deferred Exception Low-level Memory Corruption Tainted State Wide Range High-level Semantic Attack Speculative State Key Idea Server Application Architectural Support False Positive Itanium Processor |
| Content Type | Text |
| Resource Type | Article |
