Micro-architectural support for metadata coherence in multi-core dynamic information flow tracking

Juan Carlos Martínez Santos, Yunsi Fei
{"title":"Micro-architectural support for metadata coherence in multi-core dynamic information flow tracking","authors":"Juan Carlos Martínez Santos, Yunsi Fei","doi":"10.1145/2487726.2487732","DOIUrl":null,"url":null,"abstract":"Dynamic information flow tracking (DIFT) has shown to be an effective security measure for detecting both memory corruption attacks and semantic attacks at run-time on a wild range of systems from embedded systems and mobile devices to cloud computing. When applying DIFT to multi-thread applications running on multi-core architectures, the data processing and metadata processing are normally decoupled, i.e., being performed in different places at different times. Therefore, if the metadata access is not in the same order as data access, inconsistency issues may arise, which would reduce the security effectiveness of DIFT. Avoiding such inconsistency between data access and metadata access, i.e., maintaining metadata coherence, has become a challenging issue. In this paper, we propose METACE (METAdata Coherence Enforcement). METACE includes architectural enhancement in the memory management unit and leverages the existing cache coherence hardware and protocol to enforce metadata coherence. It introduces minimum changes to cores, coprocessors, and the memory hierarchy. It covers the complete set of data dependencies without deadlocks and is compatible with different memory consistency models. Our approach does not require modification of the source code. METACE supports out-of-order metadata access resulting in less performance degradation than previous approaches.","PeriodicalId":141766,"journal":{"name":"Hardware and Architectural Support for Security and Privacy","volume":"24 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-06-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Hardware and Architectural Support for Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2487726.2487732","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5

Abstract

Dynamic information flow tracking (DIFT) has shown to be an effective security measure for detecting both memory corruption attacks and semantic attacks at run-time on a wild range of systems from embedded systems and mobile devices to cloud computing. When applying DIFT to multi-thread applications running on multi-core architectures, the data processing and metadata processing are normally decoupled, i.e., being performed in different places at different times. Therefore, if the metadata access is not in the same order as data access, inconsistency issues may arise, which would reduce the security effectiveness of DIFT. Avoiding such inconsistency between data access and metadata access, i.e., maintaining metadata coherence, has become a challenging issue. In this paper, we propose METACE (METAdata Coherence Enforcement). METACE includes architectural enhancement in the memory management unit and leverages the existing cache coherence hardware and protocol to enforce metadata coherence. It introduces minimum changes to cores, coprocessors, and the memory hierarchy. It covers the complete set of data dependencies without deadlocks and is compatible with different memory consistency models. Our approach does not require modification of the source code. METACE supports out-of-order metadata access resulting in less performance degradation than previous approaches.
多核动态信息流跟踪中元数据一致性的微架构支持
动态信息流跟踪(DIFT)已被证明是一种有效的安全措施,可以在从嵌入式系统、移动设备到云计算的各种系统的运行时检测内存损坏攻击和语义攻击。当将DIFT应用于运行在多核架构上的多线程应用程序时,数据处理和元数据处理通常是解耦的,即在不同的时间在不同的地方执行。因此,如果元数据访问的顺序与数据访问的顺序不一致,就可能出现不一致的问题,从而降低DIFT的安全有效性。避免数据访问和元数据访问之间的这种不一致,即保持元数据一致性,已成为一个具有挑战性的问题。在本文中,我们提出了METACE (METAdata Coherence Enforcement)。METACE包括内存管理单元的架构增强,并利用现有的缓存一致性硬件和协议来强制元数据一致性。它对核心、协处理器和内存层次结构引入了最小的更改。它涵盖了没有死锁的完整数据依赖集,并与不同的内存一致性模型兼容。我们的方法不需要修改源代码。METACE支持乱序元数据访问,因此比以前的方法性能下降更小。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信