TY - JOUR
T1 - TaintHLS
T2 - High-Level Synthesis for Dynamic Information Flow Tracking
AU - Pilato, Christian
AU - Wu, Kaijie
AU - Garg, Siddharth
AU - Karri, Ramesh
AU - Regazzoni, Francesco
N1 - Funding Information:
Manuscript received August 1, 2017; revised November 29, 2017 and February 23, 2018; accepted April 10, 2018. Date of publication May 8, 2018; date of current version April 19, 2019. The work of S. Garg was supported in part by NSF CAREER Award under Grant A#: 1553419, and in part by Boeing Corporation. The work of R. Karri was supported in part by NSF under Grant A#: 1526405, in part by CCS-AD, and in part by Boeing corporation. This paper was recommended by Associate Editor J. Xu. (Corresponding author: Christian Pilato.) C. Pilato and F. Regazzoni are with the Advanced Learning and Research Institute, Faculty of Informatics, Università della Svizzera italiana, CH-6904 Lugano, Switzerland (e-mail: christian.pilato@usi.ch).
Publisher Copyright:
© 1982-2012 IEEE.
PY - 2019/5
Y1 - 2019/5
N2 - Dynamic information flow tracking (DIFT) is a technique to track potential security vulnerabilities in software and hardware systems at run time. Untrusted data are marked with tags (tainted), which are propagated through the system and their potential for unsafe use is analyzed to prevent them. DIFT is not supported in heterogeneous systems especially hardware accelerators. Currently, DIFT is manually generated and integrated into the accelerators. This process is error-prone, potentially hurting the process of identifying security violations in heterogeneous systems. We present TaintHLS, to automatically generate a micro-architecture to support baseline operations and a shadow microarchitecture for intrinsic DIFT support in hardware accelerators while providing variable granularity of taint tags. TaintHLS offers a companion high-level synthesis (HLS) methodology to automatically generate such DIFT-enabled accelerators from a high-level specification. We extended a state-of-the-art HLS tool to generate DIFT-enhanced accelerators and demonstrated the approach on numerous benchmarks. The DIFT-enabled accelerators have negligible performance and no more than 30% hardware overhead.
AB - Dynamic information flow tracking (DIFT) is a technique to track potential security vulnerabilities in software and hardware systems at run time. Untrusted data are marked with tags (tainted), which are propagated through the system and their potential for unsafe use is analyzed to prevent them. DIFT is not supported in heterogeneous systems especially hardware accelerators. Currently, DIFT is manually generated and integrated into the accelerators. This process is error-prone, potentially hurting the process of identifying security violations in heterogeneous systems. We present TaintHLS, to automatically generate a micro-architecture to support baseline operations and a shadow microarchitecture for intrinsic DIFT support in hardware accelerators while providing variable granularity of taint tags. TaintHLS offers a companion high-level synthesis (HLS) methodology to automatically generate such DIFT-enabled accelerators from a high-level specification. We extended a state-of-the-art HLS tool to generate DIFT-enhanced accelerators and demonstrated the approach on numerous benchmarks. The DIFT-enabled accelerators have negligible performance and no more than 30% hardware overhead.
KW - Dynamic information flow tracking (DIFT)
KW - hardware security
KW - high-level synthesis (HLS)
UR - http://www.scopus.com/inward/record.url?scp=85046736410&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85046736410&partnerID=8YFLogxK
U2 - 10.1109/TCAD.2018.2834421
DO - 10.1109/TCAD.2018.2834421
M3 - Article
AN - SCOPUS:85046736410
SN - 0278-0070
VL - 38
SP - 798
EP - 808
JO - IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
JF - IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
IS - 5
M1 - 8356053
ER -