Abstract

Microprocessors in safety-critical systems are extremely vulnerable to hacker attacks and circuit crosstalk, as they can modify binaries and lead programs to run along the wrong control flow paths. It is a significant challenge to design a run-time validation method with few hardware modifications. In this paper, an efficient control flow validation method named DCM (Dual-Processor Control Flow Validation Method) is proposed, based on a dual-processor architecture. Since a burst of memory-access-intensive instructions can block the pipeline and cause many waiting clock cycles, DCM assigns the idle pipeline cycles of the blocked processor to the other processor to validate control flow at run time. An extra lightweight monitor unit is needed in each processor, and a special dual-processor communication protocol is designed to schedule the redundant computing capacity between the two processors so that validation tasks are handled better. To further improve efficiency, we also design a software-based self-validation algorithm to help reduce the number of validations. The combination of the hardware method and the software method can speed up the validation procedure and protect the control flow paths with different emphasis. The cycle-accurate simulator GEM5 is used to simulate two ARMv7-A processors with out-of-order pipelines. Experiments show that the performance overhead of DCM is less than 22% on average across the SPEC 2006 benchmarks.

Highlights

  • In recent decades, microprocessors and embedded devices developed rapidly both in performance improvement and in practical application

  • They would modify a program’s control flow to link to untrusted library functions or jump to malicious code, statically or at run time, to steal cryptographic keys or private data. Other threats may come from transient faults caused by high-power particle strikes from the space environment or circuit crosstalk in electronic circuits

  • We proposed a new control flow validation method named DCM using the redundant computing capacity of dual-processor architecture to do control flow validation tasks


Summary

Introduction

Microprocessors and embedded devices have developed rapidly, both in performance and in practical application. One kind is to design extra hardware devices in the chip to monitor, compute and validate run-time control flow information [1,2,3,4]. The general idea of this method is to analyze the source code of application programs statically to get control flow information, and to generate signatures using the more detailed physical addresses extracted from the corresponding binaries [3, 4]. The blocked pipeline resource can be used by the other processor to do control flow validation tasks. This method does not need special hardware to do computing or comparing work and can make full use of the redundant computing capacity in the dual-processor architecture.
