Architectural support for run-time validation of program data properties

Divya Arora, Srivaths Ravi, Anand Raghunathan, Niraj K. Jha

Research output: Contribution to journalArticle

12 Scopus citations

Abstract

As computer systems penetrate deeper into our lives and handle private data, safety-critical applications, and transactions of high monetary value, efforts to breach their security also assume significant dimensions way beyond an amateur hacker's play. Until now, security was always an afterthought. This is evident in regular updates to antivirus software, patches issued by vendors after software bugs are discovered, etc. However, increasingly, we are realizing the need to incorporate security during the design of a system, be it software or hardware. We invoke this philosophy in the design of a hardware-based system to enable protection of a program's data during execution. In this paper, we develop a general framework that provides security assurance against a wide class of security attacks. Our work is based on the observation that a program's normal or permissible behavior with respect to data accesses can be characterized by various properties. We present a hardware/software approach wherein such properties can be encoded as data attributes and enforced as security policies during program execution. These policies may be application-specific (e.g., access control for certain data structures), compiler-generated (e.g., enforcing that variables are accessed only within their scope), or universally applicable to all programs (e.g., disallowing WRITES to unallocated memory). We show how an embedded system architecture can support such policies by: 1) enhancing the memory hierarchy to represent the attributes of each datum as security tags that are linked to it throughout its lifetime and 2) adding a configurable hardware checker that interprets the semantics of the tags and enforces the desired security policies. We evaluated the effectiveness of the proposed architecture in enforcing various security policies for several embedded benchmark applications. Our experiments in the context of the Simplescalar framework demonstrate that the proposed solution ensures run-time validation of application-defined data properties with minimal execution time overheads.

Original languageEnglish (US)
Pages (from-to)546-559
Number of pages14
JournalIEEE Transactions on Very Large Scale Integration (VLSI) Systems
Volume15
Issue number5
DOIs
StatePublished - May 1 2007

All Science Journal Classification (ASJC) codes

  • Software
  • Hardware and Architecture
  • Electrical and Electronic Engineering

Keywords

  • Embedded processors
  • Processor architectures
  • Security and protection
  • Special-purpose and application-based systems

Fingerprint Dive into the research topics of 'Architectural support for run-time validation of program data properties'. Together they form a unique fingerprint.

  • Cite this