A Survey of Techniques for Architecting TLBs
The translation lookaside buffer (TLB) caches virtual-to-physical address translations and is used
in systems ranging from embedded devices to high-end servers. Since the TLB is accessed very frequently
and a TLB miss is extremely costly, prudent management of the TLB is important for improving the performance
and energy efficiency of processors. In this paper, we present a survey of techniques for architecting and
managing TLBs. We characterize the techniques across several dimensions to highlight their similarities and
distinctions. We believe that this paper will be useful for chip designers, computer architects and system
engineers.
Industrial Applications: New Solutions for the New Era
This book reprints articles from the Special Issue "Industrial Applications: New Solutions for the New Age" published online in the open-access journal Machines (ISSN 2075-1702). This book consists of twelve published articles. This Special Issue belongs to the "Mechatronic and Intelligent Machines" section.
Software-Based Techniques for Protecting Return Addresses
Protecting computing systems against cyberattacks should be put high on the
agenda. For example, Colonial Pipeline, an American oil pipeline system, suffered
a cyberattack that impacted the computerized equipment managing the pipeline,
leading to a state of emergency declared by President Joe Biden in May 2021.
As reported by the Microsoft Security Response Center, attackers are unanimously
corrupting the stack, and most Control Flow Guard (CFG) improvements will provide
little value-add until stack protection lands. Shadow stacks play an important
role in protecting backward edges (return addresses on the call stack) to mitigate
Return-Oriented Programming (ROP) attacks. Control-Flow Integrity (CFI) techniques
often focus on protecting forward edges (indirect calls via function pointers
and virtual calls) and assume that backward edges are protected by shadow stacks.
In reality, however, shadow stacks are still not widely deployed due
to compatibility, performance or security deficiencies. In this thesis, we propose
three novel techniques for protecting return addresses.
First, by adding one level of indirection, we introduce BarRA, the first shadow
stack mechanism that applies continuous runtime re-randomization to abstract return
addresses for protecting their corresponding concrete return addresses (also
protected by CFI) for single-threaded programs, thus avoiding expensive pointer
tracking. As a nice side-effect, BarRA naturally combines the shadow stack, CFI
and runtime re-randomization in the same framework.
Second, without reserving any dedicated register, we propose a novel thread-local
storage mechanism, STK-TLS, that is both efficient and free of compatibility
issues. We also present a new microsecond-level runtime re-randomization technique
(without relying on information hiding or MMU), STK-MSR, to mitigate
information disclosure attacks and protect the shadow stack with 64-bit entropy.
Based on STK-TLS and STK-MSR, we have implemented a novel stack layout
(referred to as Bustk), that is highly performant, compatible with existing code,
and provides meaningful security for single- and multi-threaded server programs.
Third, by fast-moving safe regions in the large 47-bit user space (based on
MMU), we design a practical shadow stack, FlashStack, for protecting return
addresses in single- and multi-threaded programs (including browsers) running under
64-bit Linux on x86-64. FlashStack introduces a novel lightweight instrumentation
mechanism, a continuous shuffling scheme for the shadow stack in user
space, and a new dual-prologue approach for a protected function to mitigate the
TOCTTOU (time-of-check-to-time-of-use) attacks (constructed by Microsoft's red team), information disclosure
attacks, and crash-resistant probing attacks.
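The abstract above describes what a shadow stack does for backward edges (the prologue copies the return address to a separate stack, the epilogue compares before returning) but not what the check looks like. The following C program is an added illustration of that basic mechanism; it is not code from the thesis, and it does not implement BarRA, Bustk or FlashStack, whose re-randomization, thread-local storage and dual-prologue designs are beyond this example. It models a single x86-64 frame as a struct (a 16-byte local buffer immediately below the saved return address), uses the hypothetical address 0x401234 as the legitimate return site, and shows a constructed 24-byte overflow that overwrites the return slot and is caught by the epilogue check while a benign input passes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHADOW_DEPTH 64

/* Simplified model of one x86-64 stack frame: the local buffer sits below the
   saved return address, so writing past the end of buf lands on ret. */
struct frame {
    char buf[16];
    uintptr_t ret;
};

/* The shadow stack: a separate copy of every live return address. In a real
   deployment it lives where the vulnerable code cannot reach it (a hidden,
   randomized or hardware-protected region); here it is simply a second array. */
static uintptr_t shadow[SHADOW_DEPTH];
static size_t shadow_top;

/* Prologue instrumentation: duplicate the return address on function entry. */
static int shadow_push(uintptr_t ret) {
    if (shadow_top >= SHADOW_DEPTH) return 0;
    shadow[shadow_top++] = ret;
    return 1;
}

/* Epilogue instrumentation: the address about to be returned to must equal
   the shadow copy; any difference means the backward edge was corrupted. */
static int shadow_check(uintptr_t ret) {
    if (shadow_top == 0) return 0;
    return shadow[--shadow_top] == ret;
}

/* Unprotected callee body: an unbounded copy of attacker-controlled input into
   buf, the classic stack overflow. Returns the address the ret instruction
   would now jump to. The copy is clipped at the end of the frame so the model
   stays within defined behaviour; a real overflow would keep writing. */
static uintptr_t vulnerable_body(struct frame *f, const unsigned char *in, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy(f, in, len);                 /* len > 16 overwrites f->ret */
    return f->ret;
}

/* The same body wrapped in shadow-stack instrumentation. caller_ret stands in
   for the value the call instruction pushed. Returns 1 when the return address
   still matches the shadow copy, 0 when the corruption was caught (a real
   implementation would abort here instead of returning). */
static int protected_call(uintptr_t caller_ret, const unsigned char *in, size_t len) {
    struct frame f;
    memset(&f, 0, sizeof f);
    f.ret = caller_ret;
    shadow_push(f.ret);                 /* prologue */
    uintptr_t target = vulnerable_body(&f, in, len);
    return shadow_check(target);        /* epilogue, just before ret */
}

/* Constructed inputs. 0x401234 is a hypothetical legitimate return site; the
   overflow's trailing 0x41 bytes become the fake return address that, in a
   real attack, would point at a ROP gadget. */
#define CALLER_RET ((uintptr_t)0x401234)

static int demo_benign(void) {
    static const unsigned char in[] = "hello";          /* 6 bytes, stays in buf */
    return protected_call(CALLER_RET, in, sizeof in);
}

static int demo_overflow(void) {
    unsigned char in[24];
    memset(in, 'A', sizeof in);         /* 16 bytes fill buf, next 8 clobber ret */
    return protected_call(CALLER_RET, in, sizeof in);
}

int main(void) {
    printf("benign call:   %s\n", demo_benign()   ? "return address intact" : "MISMATCH");
    printf("overflow call: %s\n", demo_overflow() ? "return address intact" : "MISMATCH, abort");
    return 0;
}
```

The check itself is one comparison per return, which is why the abstract treats the cost of a shadow stack as an engineering rather than a conceptual problem; what the thesis's three designs address is everything the toy leaves out: where the shadow array lives so that an information-disclosure or crash-resistant probing attack cannot find it, how each thread gets its own copy without a reserved register, and how to keep the window between the check and the actual `ret` from being exploited.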