TaintHLS: High-Level Synthesis for Dynamic Information Flow Tracking

Christian Pilato, Kaijie Wu, Siddharth Garg, Ramesh Karri, Francesco Regazzoni

Research output: Contribution to journalArticle

Abstract

Dynamic information flow tracking (DIFT) is a technique to track potential security vulnerabilities in software and hardware systems at run time. Untrusted data are marked with tags (tainted), which are propagated through the system and their potential for unsafe use is analyzed to prevent them. DIFT is not supported in heterogeneous systems especially hardware accelerators. Currently, DIFT is manually generated and integrated into the accelerators. This process is error-prone, potentially hurting the process of identifying security violations in heterogeneous systems. We present TaintHLS, to automatically generate a micro-architecture to support baseline operations and a shadow microarchitecture for intrinsic DIFT support in hardware accelerators while providing variable granularity of taint tags. TaintHLS offers a companion high-level synthesis (HLS) methodology to automatically generate such DIFT-enabled accelerators from a high-level specification. We extended a state-of-the-art HLS tool to generate DIFT-enhanced accelerators and demonstrated the approach on numerous benchmarks. The DIFT-enabled accelerators have negligible performance and no more than 30% hardware overhead.

Original languageEnglish (US)
Article number8356053
Pages (from-to)798-808
Number of pages11
JournalIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
Volume38
Issue number5
DOIs
StatePublished - May 2019

Keywords

  • Dynamic information flow tracking (DIFT)
  • hardware security
  • high-level synthesis (HLS)

ASJC Scopus subject areas

  • Software
  • Computer Graphics and Computer-Aided Design
  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'TaintHLS: High-Level Synthesis for Dynamic Information Flow Tracking'. Together they form a unique fingerprint.

  • Cite this