TaintHLS: High-Level Synthesis for Dynamic Information Flow Tracking

Dynamic information flow tracking (DIFT) is a technique to track potential security vulnerabilities in software and hardware systems at run time. Untrusted data are marked with tags (tainted), which are propagated through the system and their potential for unsafe use is analyzed to prevent them. DIFT is not supported in heterogeneous systems especially hardware accelerators. Currently, DIFT is manually generated and integrated into the accelerators. This process is error-prone, potentially hurting the process of identifying security violations in heterogeneous systems. We present TaintHLS, to automatically generate a micro-architecture to support baseline operations and a shadow microarchitecture for intrinsic DIFT support in hardware accelerators while providing variable granularity of taint tags. TaintHLS offers a companion high-level synthesis (HLS) methodology to automatically generate such DIFT-enabled accelerators from a high-level specification. We extended a state-of-the-art HLS tool to generate DIFT-enhanced accelerators and demonstrated the approach on numerous benchmarks. The DIFT-enabled accelerators have negligible performance and no more than 30% hardware overhead.

[1]  Marco Minutoli,et al.  Enabling the high level synthesis of data analytics accelerators , 2016, 2016 International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS).

[2]  Jason Cong,et al.  Architecture support for accelerator-rich CMPs , 2012, DAC Design Automation Conference 2012.

[3]  Wei Hu,et al.  Register transfer level information flow tracking for provably secure hardware design , 2017, Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017.

[4]  Mark Horowitz,et al.  1.1 Computing's energy problem (and what we can do about it) , 2014, 2014 IEEE International Solid-State Circuits Conference Digest of Technical Papers (ISSCC).

[5]  Gu-Yeon Wei,et al.  The accelerator store: A shared memory framework for accelerator-based systems , 2012, TACO.

[6]  Yu Ting Chen,et al.  A Survey and Evaluation of FPGA High-Level Synthesis Tools , 2016, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[7]  Ramesh Karri,et al.  Securing Hardware Accelerators: A New Challenge for High-Level Synthesis , 2018, IEEE Embedded Systems Letters.

[8]  Luca P. Carloni,et al.  An analysis of accelerator coupling in heterogeneous architectures , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[9]  Christoforos E. Kozyrakis,et al.  Decoupling Dynamic Information Flow Tracking with a dedicated coprocessor , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[10]  Luca Benini,et al.  Synthesis-friendly techniques for tightly-coupled integration of hardware accelerators into shared-memory multi-core clusters , 2013, 2013 International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS).

[11]  Wei Hu,et al.  Arbitrary precision and complexity tradeoffs for gate-level information flow tracking , 2017, 2017 54th ACM/EDAC/IEEE Design Automation Conference (DAC).

[12]  Gu-Yeon Wei,et al.  MachSuite: Benchmarks for accelerator design and customized architectures , 2014, 2014 IEEE International Symposium on Workload Characterization (IISWC).

[13]  Diego Novillo Design and Implementation of Tree SSA , 2004 .

[14]  Wei Hu,et al.  Theoretical Fundamentals of Gate Level Information Flow Tracking , 2011, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[15]  Lea Hwang Lee,et al.  Designing the Low-Power MCORE TM Architecture , 1998 .

[16]  Jason Cong,et al.  Theory and algorithm for generalized memory partitioning in high-level synthesis , 2014, FPGA.

[17]  David Zhang,et al.  Secure program execution via dynamic information flow tracking , 2004, ASPLOS XI.

[18]  Christoforos E. Kozyrakis,et al.  Raksha: a flexible information flow architecture for software security , 2007, ISCA '07.

[19]  Jianwen Zhu,et al.  A unified formal model of ISA and FSMD , 1999, CODES '99.

[20]  Jason Cong,et al.  Accelerator-rich architectures: Opportunities and progresses , 2014, 2014 51st ACM/EDAC/IEEE Design Automation Conference (DAC).

[21]  Luca P. Carloni,et al.  System-Level Optimization of Accelerator Local Memory for Heterogeneous Systems-on-Chip , 2017, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[22]  Leon Stok,et al.  Data path synthesis , 1994, Integr..

[23]  Simha Sethumadhavan,et al.  WHISK: An uncore architecture for Dynamic Information Flow Tracking in heterogeneous embedded SoCs , 2013, 2013 International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS).

[24]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[25]  Yin Liu,et al.  Static Information Flow Analysis with Handling of Implicit Flows and a Study on Effects of Implicit Flows vs Explicit Flows , 2010, 2010 14th European Conference on Software Maintenance and Reengineering.

[26]  Karthikeyan Sankaralingam,et al.  Dark Silicon and the End of Multicore Scaling , 2012, IEEE Micro.

[27]  Vikram Bhatt,et al.  GreenDroid: An architecture for the Dark Silicon Age , 2012, 17th Asia and South Pacific Design Automation Conference.

[28]  Peter J. Denning,et al.  Certification of programs for secure information flow , 1977, CACM.

[29]  Fabrizio Ferrandi,et al.  A design methodology to implement memory accesses in High-Level Synthesis , 2011, 2011 Proceedings of the Ninth IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS).

[30]  Angelos D. Keromytis,et al.  libdft: practical dynamic data flow tracking for commodity systems , 2012, VEE '12.

[31]  Fabrizio Ferrandi,et al.  Bambu: A modular framework for the high level synthesis of memory-intensive applications , 2013, 2013 23rd International Conference on Field programmable Logic and Applications.