Authors: Meltem Ozsoy, Dmitry Ponomarev, Nael Abu-Ghazaleh, Tameesh Suri
DOI:
Keywords:
Abstract: Dynamic information flow tracking (DIFT) is a powerful technique that can protect unmodified binaries from a broad range of vulnerabilities including buffer overflow and format string attacks. Software DIFT implementations suffer from very high performance overheads, while comprehensive hardware implementations add substantial complexity to the microarchitecture, making it unlikely for chip manufacturers to adopt them. In this paper, we propose SIFT (SMT-based DIFT), where a separate thread performing taint propagation and policy checking is executed in a spare context of an SMT processor. The instructions for the checking thread are generated in hardware using self-contained off-the-critical path logic at the commit stage of the pipeline. We investigate several performance optimizations to the base design including: 1) Prefetching of the taint data from shadow memory when the corresponding data is …