Tim Niklas Witte
Corruption and Breach Filter: Prevent Memory Corruptions and Data Breaches by Enforcing Data-Flow Integrity in Superscalar Out-Of-Order Architectures

Abstract
State-of-the-art exploitation protection techniques in hardware are only designed for in-order cores. This thesis introduces the Corruption and Breach Filter (CBF), a processor extension for a superscalar out-of-order core that implements an exploit protection technique: data-flow integrity is enforced by memory tagging. For demonstration purposes, the CBF is integrated into the BOOM processor (Berkeley Out-of-Order Machine). To start with, the most common software vulnerabilities and state-of-the-art exploitation protection techniques in hardware are explained, followed by a summary of the BOOM architecture. After that, the CBF implementation, including the memory tagging policy and the integration into the BOOM processor, is elucidated. The performance overhead in terms of clock cycles is about 60%. This measurement is distorted by an implementation error in a CBF component: about 40% of the additional pipeline stalls causing this performance decrease are a result of this implementation error. For evaluation purposes, the BOOM processor (parameterization: SmallBoomConfig) with the CBF extension is synthesized on the Genesys ZU-5EV FPGA board (XCZU15EG-1FFVC900E): the maximal possible clock frequency is reduced from about 100 MHz to ca. 70 MHz. Besides, about 30% more hardware resources are required compared to the unchanged BOOM processor. This thesis demonstrates that the CBF is able to prevent sophisticated arbitrary write and read exploits. Further adaptations of the CBF to support features provided by operating systems, such as multiprocessing and multiple program segments, are discussed.
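The abstract states that data-flow integrity is enforced by memory tagging, and that this blocks arbitrary write and read exploits. The following software model, added here as an illustration and not taken from the thesis or the CBF implementation, shows the general principle behind such a scheme: every memory word carries a tag, every pointer carries the tag of the allocation it was derived from, and the memory unit refuses any load or store whose pointer tag differs from the tag on the target word. The 4-bit tag width, the sequential tag assignment, the bump allocator and the `TagFault` exception are assumptions chosen for the model; the CBF's actual tagging policy is described in the thesis body, not in this example.

```python
"""Toy model of data-flow integrity (DFI) enforced by memory tagging.

Constructed illustration of the general technique, not the CBF policy.
"""
from dataclasses import dataclass


class TagFault(Exception):
    """Raised when a load or store carries the wrong tag for its target word."""


@dataclass(frozen=True)
class Ptr:
    """A pointer: an address plus the tag of the allocation it came from."""
    addr: int
    tag: int

    def __add__(self, n: int) -> "Ptr":
        # Pointer arithmetic keeps the tag of the originating allocation,
        # so an out-of-bounds pointer still carries the *wrong* tag for
        # whatever allocation it now points into.
        return Ptr(self.addr + n, self.tag)


class TaggedMemory:
    """Word-addressed memory where each word carries a 4-bit tag (0 = unallocated)."""

    def __init__(self, size: int) -> None:
        self.data = [0] * size
        self.tags = [0] * size
        self._next_free = 0
        self._next_tag = 1

    def alloc(self, n: int) -> Ptr:
        # Bump allocator (assumption): consecutive allocations are adjacent
        # in memory but receive different tags.
        base, tag = self._next_free, self._next_tag
        for i in range(base, base + n):
            self.tags[i] = tag
        self._next_free += n
        self._next_tag = self._next_tag % 15 + 1   # cycle through tags 1..15
        return Ptr(base, tag)

    def _check(self, p: Ptr, op: str) -> None:
        in_range = 0 <= p.addr < len(self.data)
        mem_tag = self.tags[p.addr] if in_range else None
        if not in_range or mem_tag != p.tag:
            raise TagFault(f"{op} at {p.addr}: pointer tag {p.tag} != memory tag {mem_tag}")

    def store(self, p: Ptr, value: int) -> None:
        self._check(p, "store")
        self.data[p.addr] = value

    def load(self, p: Ptr) -> int:
        self._check(p, "load")
        return self.data[p.addr]


def overflow_scenario() -> dict:
    """Two adjacent buffers: an overrun from `buf` into `secret` is blocked by the tag check.

    Returns a dict of booleans describing what the tagged memory allowed and refused.
    """
    mem = TaggedMemory(16)
    buf = mem.alloc(4)       # tag 1
    secret = mem.alloc(4)    # tag 2, directly behind buf
    for i in range(4):
        mem.store(secret + i, 0x40 + i)

    # Legitimate in-bounds writes through buf succeed.
    for i in range(4):
        mem.store(buf + i, 0x11)

    write_blocked = read_blocked = False
    try:
        mem.store(buf + 4, 0x99)   # one past the end: lands on secret[0]
    except TagFault:
        write_blocked = True
    try:
        mem.load(buf + 5)          # out-of-bounds read of secret[1]
    except TagFault:
        read_blocked = True

    intact = [mem.load(secret + i) for i in range(4)] == [0x40, 0x41, 0x42, 0x43]
    return {
        "overflow_write_blocked": write_blocked,
        "overflow_read_blocked": read_blocked,
        "secret_intact": intact,
    }


if __name__ == "__main__":
    print(overflow_scenario())
```

In a hardware realisation the tag comparison sits on the load/store path and the fault is a trap rather than a Python exception, but the defensive property is the same: a pointer that has been driven out of its allocation can neither corrupt nor read a neighbouring object, which is exactly the class of arbitrary write and read primitives the abstract says the CBF defeats.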