SIFT: Low-Complexity Energy-Efficient Information Flow Tracking on SMT Processors

Abstract

Dynamic information flow tracking (DIFT) is a powerful technique that can protect unmodified binaries from a broad range of vulnerabilities including buffer overflow and format string attacks. Software DIFT implementations suffer from very high performance overheads, while comprehensive hardware implementations add substantial complexity to the microarchitecture, making it unlikely for chip manufacturers to adopt them. In this paper, we propose SIFT (SMT-based DIFT), where a separate thread performing taint propagation and policy checking is executed in a spare context of an SMT processor. The instructions for the checking thread are generated in hardware using self-contained off-the-critical path logic at the commit stage of the pipeline. We investigate several performance optimizations to the base design including: 1) Prefetching of the taint data from shadow memory when the corresponding data is accessed by the primary thread; 2) Optimizing the generation of the taint code to remove unneeded security instructions; and 3) The use of aggregated instructions for collapsing the frequently used groups of security instructions into a single new instruction. Together, these optimizations reduce the performance penalty of SIFT to under 20 percent on SPEC CPU 2006 benchmarks-much lower than the overhead of previously proposed software-based DIFT schemes. We also analyze the energy overhead of SIFT and show it to be very high - 113 percent for SPEC 2006 benchmarks. We then propose several techniques that reduce this overhead to only 23 percent, making SIFT design practical from the energy standpoint. To demonstrate the feasibility of SIFT, we design and synthesize a core with SIFT logic and show that the area overhead of SIFT is only 4.5 percent and that instruction generation can be performed in one additional cycle at commit time.