TY - GEN
T1 - Augmenting branch predictor to secure program execution
AU - Shi, Yixin
AU - Lee, Gyungho
PY - 2007
Y1 - 2007
N2 - Although there are various ways to exploit software vulnerabilities for malicious attacks, the attacks always result in unexpected behavior in program execution, deviating from what the programmer/user intends to do. Program execution blindly follows the execution path specified by control flow transfer instructions with the targets generated at run-time without any validation. An enhancement is therefore proposed to secure program execution by introducing a validation mechanism over control flow transfer instructions at micro-architecture level. The proposed scheme, as a behavior-based protection, treats a triplet of the indirect branch's location, its target address, and the execution path preceding it as a behavior signature of program execution and validates it at run-time. The first two pieces of information can prevent an adversary from overwriting control data and introducing foreign code or impossible targets to redirect an indirect branch. The last one is necessary to defeat the attacks that use a legitimate target but follow an unintended execution path. Interestingly, the branch predictor is found to contain the signature information already and doing a portion of the validation when resolving the branch, thus greatly reducing the validation frequency. An enhancement of branch target buffer (BTB) entry together with a signature table implemented in the form of a Bloom filter in hardware is proposed to incorporate the validation into the processor's pipeline, providing a new defense in the processor architecture to secure program execution.
AB - Although there are various ways to exploit software vulnerabilities for malicious attacks, the attacks always result in unexpected behavior in program execution, deviating from what the programmer/user intends to do. Program execution blindly follows the execution path specified by control flow transfer instructions with the targets generated at run-time without any validation. An enhancement is therefore proposed to secure program execution by introducing a validation mechanism over control flow transfer instructions at micro-architecture level. The proposed scheme, as a behavior-based protection, treats a triplet of the indirect branch's location, its target address, and the execution path preceding it as a behavior signature of program execution and validates it at run-time. The first two pieces of information can prevent an adversary from overwriting control data and introducing foreign code or impossible targets to redirect an indirect branch. The last one is necessary to defeat the attacks that use a legitimate target but follow an unintended execution path. Interestingly, the branch predictor is found to contain the signature information already and doing a portion of the validation when resolving the branch, thus greatly reducing the validation frequency. An enhancement of branch target buffer (BTB) entry together with a signature table implemented in the form of a Bloom filter in hardware is proposed to incorporate the validation into the processor's pipeline, providing a new defense in the processor architecture to secure program execution.
KW - Bloom filter
KW - Branch predictor
KW - Control flow validation
KW - Indirect branch
KW - Software protection
UR - http://www.scopus.com/inward/record.url?scp=36049008184&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=36049008184&partnerID=8YFLogxK
U2 - 10.1109/DSN.2007.19
DO - 10.1109/DSN.2007.19
M3 - Conference contribution
AN - SCOPUS:36049008184
SN - 0769528554
SN - 9780769528557
T3 - Proceedings of the International Conference on Dependable Systems and Networks
SP - 10
EP - 19
BT - Proceedings - 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2007
T2 - 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2007
Y2 - 25 June 2007 through 28 June 2007
ER -