论文信息 - Flexible Hardware Acceleration for Instruction-Grain Program Monitoring

Flexible Hardware Acceleration for Instruction-Grain Program Monitoring

Instruction-grain program monitoring tools, which check and analyze executing programs at the granularity of individual instructions, are invaluable for quickly detecting bugs and security attacks and then limiting their damage (via containment and/or recovery). Unfortunately, their fine-grain nature implies very high monitoring overheads for software-only tools, which are typically based on dynamic binary instrumentation. Previous hardware proposals either focus on mechanisms that target specific bugs or address only the cost of binary instrumentation. In this paper, we propose a flexible hardware solution for accelerating a wide range of instruction-grain monitoring tools. By examining a number of diverse tools (for memory checking, security tracking, and data race detection), we identify three significant common sources of overheads and then propose three novel hardware techniques for addressing these overheads: Inheritance Tracking, Idempotent Filters, and Metadata-TLBs. Together, these constitute a general-purpose hardware acceleration framework. Experimental results show our framework reduces overheads by 2-3X over the previous state-of-the-art, while supporting the needed flexibility.

[1] Gerry Kane,et al. MIPS RISC Architecture , 1987 .

[2] Anoop Gupta,et al. The SPLASH-2 programs: characterization and methodological considerations , 1995, ISCA.

[3] S. Savage,et al. Eraser: a dynamic data race detector for multi-threaded programs , 1997 .

[4] Michael Burrows,et al. Eraser: a dynamic data race detector for multi-threaded programs , 1997, TOCS.

[5] Stephanie Forrest,et al. Intrusion Detection Using Sequences of System Calls , 1998, J. Comput. Secur..

[6] Crispan Cowan,et al. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.

[7] William G. Griswold,et al. Dynamically discovering likely program invariants to support program evolution , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[8] Dawson R. Engler,et al. Checking system rules using system-specific, programmer-written compiler extensions , 2000, OSDI.

[9] William R. Bush,et al. A static analyzer for finding dynamic programming errors , 2000 .

[10] William R. Bush,et al. A static analyzer for finding dynamic programming errors , 2000, Softw. Pract. Exp..

[11] Junfeng Yang,et al. An empirical study of operating systems errors , 2001, SOSP.

[12] Greg Nelson,et al. Extended static checking for Java , 2002, PLDI '02.

[13] Niels Provos,et al. Improving Host Security with System Call Policies , 2003, USENIX Security Symposium.

[14] Amir Roth,et al. DISE: a programmable macro engine for customizing applications , 2003, ISCA '03.

[15] John Wilander,et al. A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention , 2003, NDSS.

[16] Nicholas Nethercote,et al. Valgrind: A Program Supervision Framework , 2003, RV@CAV.

[17] Min Xu,et al. A "flight data recorder" for enabling full-system multiprocessor deterministic replay , 2003, ISCA '03.

[18] David Zhang,et al. Secure program execution via dynamic information flow tracking , 2004, ASPLOS XI.

[19] Derek Bruening,et al. Efficient, transparent, and comprehensive runtime code manipulation , 2004 .

[20] Frederic T. Chong,et al. Minos: Control Data Attack Prevention Orthogonal to Memory Model , 2004, 37th International Symposium on Microarchitecture (MICRO-37'04).

[21] Nicholas Nethercote,et al. Dynamic Binary Analysis and Instrumentation , 2004 .

[22] Satish Narayanasamy,et al. BugNet: continuously recording program execution for deterministic replay debugging , 2005, 32nd International Symposium on Computer Architecture (ISCA'05).

[23] James Newsome,et al. Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software , 2005, NDSS.

[24] Yuanyuan Zhou,et al. Rx: treating bugs as allergies---a safe method to survive software failures , 2005, SOSP '05.

[25] Harish Patil,et al. Pin: building customized program analysis tools with dynamic instrumentation , 2005, PLDI '05.

[26] Wei Liu,et al. Efficient and flexible architectural support for dynamic monitoring , 2005, TACO.

[27] Jonathan Pevsner,et al. Basic Local Alignment Search Tool (BLAST) , 2005 .

[28] Cheng Wang,et al. LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks , 2006, 2006 39th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO'06).

[29] Yan Solihin,et al. HeapMon: A helper-thread approach to programmable, automatic, and low-overhead memory bug detection , 2006, IBM J. Res. Dev..

[30] Min Xu,et al. A regulated transitive reduction (RTR) for longer memory race recording , 2006, ASPLOS XII.

[31] Hsien-Hsin S. Lee,et al. An Integrated Framework for Dependable and Revivable Architectures Using Multicore Processors , 2006, 33rd International Symposium on Computer Architecture (ISCA'06).

[32] Babak Falsafi,et al. Log-based architectures for general-purpose monitoring of deployed code , 2006, ASID '06.

[33] Nicholas Nethercote,et al. Valgrind: a framework for heavyweight dynamic binary instrumentation , 2007, PLDI '07.

[34] Christoforos E. Kozyrakis,et al. Raksha: a flexible information flow architecture for software security , 2007, ISCA '07.

[35] Guru Venkataramani,et al. MemTracker: Efficient and Programmable Support for Memory Access Monitoring and Debugging , 2007, 2007 IEEE 13th International Symposium on High Performance Computer Architecture.

[36] Gang-Ryung Uh,et al. Analyzing Dynamic Binary Instrumentation Overhead , 2007 .

[37] Pin Zhou,et al. HARD: Hardware-Assisted Lockset-based Race Detection , 2007, 2007 IEEE 13th International Symposium on High Performance Computer Architecture.

[38] Yuanyuan Zhou,et al. Triage: diagnosing production run failures at the user's site , 2007, SOSP.

[39] Nicholas Nethercote,et al. How to shadow every byte of memory used by a program , 2007, VEE '07.

[40] Guru Venkataramani,et al. FlexiTaint: A programmable accelerator for dynamic taint propagation , 2008, 2008 IEEE 14th International Symposium on High Performance Computer Architecture.