Fast and Efficient Deployment of Security Defenses Via Context Sensitive Decoding
Abstract
Modern CPU cores feature translation of instructions into internal instructions, often called micro-ops, for simplified CPU design and improved instruction throughput. However, this translation is static in most known instances. This paper gives an overview of context-sensitive decoding (CSD), a technique that enables customization of the micro-op translation, based on the execution context or particular hardware triggers. This enables rapid deployment of security defenses, enabling changes to the instruction stream without the need for recompilation, translation, or interpretation of the original code. In addition, because the alternate decodings can be turned on and off as quickly as a single cycle, it enables the defense to be strategically deployed only on those instructions that require it, minimizing performance overhead. In this work, CSD is paired with a novel machine-learning based attack detection mechanism, allowing the system to adapt the level of protection in the presence of suspected malicious code.
Document Details
- Document Type
- Technical Report
- Publication Date
- Mar 25, 2019
- Accession Number
- AD1075655
Entities
People
- Ashish Venkat
- Dean Tullsen
- Han Wang
- Hossein Sayadi
- Houman Homayoun
- Mohammadkazem Taram
- Sai Manoj
Organizations
- University of California, San Diego