A small and adaptive coprocessor for information flow tracking in ARM SoCs
This work addresses hardware security limitations for ARM SoC users, though it is incremental as it builds on existing DIFT concepts.
The paper tackles the lack of hardware DIFT support for multi-threaded applications and hardcore processors by introducing a custom coprocessor with features like virtual memory protection and Linux kernel support, achieving a 3.8x reduction in communication time overhead and area overhead under 1%.
DIFT (Dynamic Information Flow Tracking) has been a hot topic for more than a decade. Unfortunately, existing hardware DIFT approaches have not been widely used neither by research community nor by hardware vendors. It is due to two major reasons: current hardware DIFT solutions lack support for multi-threaded applications and implementations for hardcore processors. This work addresses both issues by introducing an approach with some unique features: DIFT for multi-threaded software, virtual memory protection (rather than physical memory as in related works) and Linux kernel support using an information flow monitor called RFBlare. These goals are accomplished by taking advantage of a notable feature of ARM CoreSight components (context ID) combined with a custom DIFT coprocessor and RFBlare. The communication time overhead, major source of slowdown in total DIFT time overhead, is divided by a factor 3.8 compared to existing solutions with similar software constraints as in this work. The area overhead of this work is lower than 1% and power overhead is 16.2% on a middle-class Xilinx Zynq SoC.