Architectural support for run-time validation of control flow transfer

Yixin Shi, Sean Dempsey, Gyungho Lee

Research output: Contribution to conference › Paper › peer-review

8 Citations (Scopus)


Current micro-architecture blindly uses the address in the program counter to fetch and execute instructions without validating its legitimacy. Whenever this blind-folded instruction sequencing is not properly addressed at a higher level by the system, it becomes a vulnerability to control data attacks, today's dominant and most critical security threats. To remedy it, this paper proposes a micro-architectural mechanism to validate control flow transfer at run-time at the machine instruction level. It is proposed to have a hardware table consisting of legitimate indirect branches and their target pairs (IBPs) to aid the validation. The IBP table is implemented in the form of a cascading Bloom filter to store the security information as well as to enable fast validation. Based on a key observation that the branch prediction unit existing in most speculative-execution processors already provides a portion of the control flow validation, our scheme activates the validation only on indirect branch mis-predictions. Because of the Bloom filter and the rarity of mis-predictions of indirect branches, the validation incurs moderate storage overhead and little performance penalty.
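The validation path described in the abstract, sketched as a small software model. This is an added example, not code from the paper: it uses a single partitioned Bloom filter rather than the paper's cascading organization, and the sizes, hash function, toy branch target buffer and addresses are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

#define BANKS     3u     /* hash functions, one bit bank each (assumed) */
#define BANK_BITS 1024u  /* bits per bank (assumed) */
#define BTB_SIZE  64u    /* toy branch target buffer entries (assumed) */
struct btb_entry { bool valid; uint32_t branch, target; };
static uint8_t ibp_bank[BANKS][BANK_BITS / 8];
static struct btb_entry btb[BTB_SIZE];
static unsigned filter_lookups;  /* validations actually performed */

/* Toy hash (assumed): fold the pair into a 10-bit index, varied per bank. */
static uint32_t ibp_hash(uint32_t branch, uint32_t target, unsigned bank) {
    uint32_t x = branch ^ (target * (2u * bank + 1u));
    return (x ^ (x >> 10) ^ (x >> 20)) & (BANK_BITS - 1u);
}

/* Load time: record one legitimate indirect branch/target pair (IBP). */
void ibp_insert(uint32_t branch, uint32_t target) {
    for (unsigned b = 0; b < BANKS; b++) {
        uint32_t i = ibp_hash(branch, target, b);
        ibp_bank[b][i / 8] |= (uint8_t)(1u << (i % 8));
    }
}

/* Never a false negative; a false positive would accept an unlisted pair. */
bool ibp_contains(uint32_t branch, uint32_t target) {
    for (unsigned b = 0; b < BANKS; b++) {
        uint32_t i = ibp_hash(branch, target, b);
        if (!(ibp_bank[b][i / 8] & (1u << (i % 8)))) return false;
    }
    return true;
}

/* Resolve one indirect branch; false means the transfer must be blocked. */
bool ibp_resolve(uint32_t branch, uint32_t actual) {
    struct btb_entry *e = &btb[(branch >> 2) % BTB_SIZE];
    if (e->valid && e->branch == branch && e->target == actual)
        return true;                 /* correct prediction: filter not consulted */
    filter_lookups++;                /* mis-prediction: validate the pair */
    if (!ibp_contains(branch, actual)) return false;
    *e = (struct btb_entry){ true, branch, actual };  /* train on validated targets only */
    return true;
}

int main(void) {  /* constructed addresses: one listed pair, one unlisted target */
    ibp_insert(0x401a10u, 0x402000u);
    return ibp_resolve(0x401a10u, 0x402000u) && !ibp_resolve(0x401a10u, 0x7ffe0040u) ? 0 : 1;
}
```

Because the predictor is only trained after a pair passes the filter, a correct prediction can stand in for a validation; the filter's false-positive rate bounds how often an unlisted pair could slip through.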

Original language: English
Number of pages: 8
Publication status: Published - 2006
Event: 24th International Conference on Computer Design 2006, ICCD - San Jose, CA, United States
Duration: 2006 Oct 1 to 2006 Oct 4


Other: 24th International Conference on Computer Design 2006, ICCD
Country/Territory: United States
City: San Jose, CA

ASJC Scopus subject areas

  • Computer Graphics and Computer-Aided Design
  • Software

