Architectural Support for Software-Defined Metadata Processing
Date: March 15, 2015
Accepted into 20th International Conference on Architectural Support for Programming Languages and Operating Systems, March 14-18, 2015, Istanbul, Turkey.
Hardware for propagating and checking software-programmable metadata tags can achieve low runtime overhead when carefully implemented. We generalize prior work on hardware tagging by considering a generic architecture that supports software-defined policies over metadata of arbitrary size and complexity. We introduce several novel microarchitectural optimizations that keep the overhead of this rich processing low. Our model thus achieves the efficiency of previous hardware-based approaches with the flexibility of the software-based ones. We demonstrate this by using it to enforce four diverse safety and security policies—spatial and temporal memory safety, taint tracking, control-flow integrity, and code and data separation —plus a composite policy that enforces all of them simultaneously. Experiments on SPEC CPU2006 benchmarks show modest impact on runtime (typically under 10%) and power ceiling (less than 10%), in return for some increase in energy usage (typically under 60%) and area for on-chip memory structures (110%).