Record-Replay Architecture as a General Security Framework

Yasser Shalabi, Mengjia Yan, Nima Honarmand, Ruby B. Lee, Josep Torrellas

Research output: Chapter in Book/Report/Conference proceedingConference contribution

11 Scopus citations


Hardware security features need to strike a careful balance between design intrusiveness and completeness of methods. In addition, they need to be flexible, as security threats continuously evolve. To help address these requirements, this paper proposes a novel framework where Record and Deterministic Replay (RnR) is used to complement hardware security features. We call the framework RnR-Safe. RnR-Safe reduces the cost of security hardware by allowing it to be less precise at detecting attacks, potentially reporting false positives. This is because it relies on on-the-fly replay that transparently verifies whether the alarm is a real attack or a false positive. RnR-Safe uses two replayers: an always-on, fast Checkpoint replayer that periodically creates checkpoints, and a detailed-analysis Alarm replayer that is triggered when there is a threat alarm. As an example application, we use RnR-Safe to thwart Return Oriented Programming (ROP) attacks, including on the Linux kernel. Our design augments the Return Address Stack (RAS) with relatively inexpensive hardware. We evaluate RnR-Safe using a variety of workloads on virtual machines running Linux. We find that RnR-Safe is very effective. Thanks to the judicious RAS hardware extensions and hypervisor changes, the checkpointing replayer has an execution speed comparable to the recorded execution. Also, the alarm replayer needs to handle very few false positives.

Original languageEnglish (US)
Title of host publicationProceedings - 24th IEEE International Symposium on High Performance Computer Architecture, HPCA 2018
PublisherIEEE Computer Society
Number of pages14
ISBN (Electronic)9781538636596
StatePublished - Mar 27 2018
Event24th IEEE International Symposium on High Performance Computer Architecture, HPCA 2018 - Vienna, Austria
Duration: Feb 24 2018Feb 28 2018

Publication series

NameProceedings - International Symposium on High-Performance Computer Architecture
ISSN (Print)1530-0897


Other24th IEEE International Symposium on High Performance Computer Architecture, HPCA 2018

All Science Journal Classification (ASJC) codes

  • Hardware and Architecture


  • Hardware Security
  • Record and Deterministic Replay
  • Return Oriented Programming


Dive into the research topics of 'Record-Replay Architecture as a General Security Framework'. Together they form a unique fingerprint.

Cite this