In current processor architectures, control flow at the machine instruction level is followed blindly, without any validity check: whatever instruction the program counter points to is fetched and executed. Whenever this blind instruction sequencing is not properly addressed at a higher level by system and application software, it becomes a vulnerability that malicious software exploits. To mend this fundamental flaw, this project explores incorporating control flow validation into modern high-performance pipelined processors. A straightforward approach to control flow validation is to collect the possible target addresses for each branch and check every branching instance against them. Modern microprocessors already do this kind of checking, in a sense, at the micro-architecture level in the form of branch prediction. Since an illegitimate control transfer in program execution can be made only when the processor's program counter is "forced" to point to "unseen" addresses, control flow altering attacks cause branch mis-predictions in the processor micro-architecture; branch mis-prediction is one of the symptoms of misbehavior in program execution such as binary code tampering and virus infection. This project develops a micro-architecture that incorporates control flow validation into the branch prediction unit of modern high-performance pipelined processors. A processor core with secure control flow creates a basis for designing and building more trusted devices and cyber infrastructure. This project will produce practical hardware support for validating program control flow to provide protection from not-yet-known attacks and exploits, i.e., before the behavior patterns, attack signatures, or vulnerabilities they exploit are analyzed and captured.
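
The per-branch target collection and check described in the abstract, modeled in software as an added example; it is not the project's design or code. The table sizes, the last-taken-target predictor, the fail-closed handling of unknown branches and the addresses in `main` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define ENTRIES 64  /* branches tracked (assumed size) */
#define TARGETS 4   /* legitimate targets kept per branch (assumed size) */
typedef enum { CF_PREDICTED, CF_MISPREDICT_VALID, CF_VIOLATION } cf_result;
typedef struct {
    uint64_t pc, targets[TARGETS], predicted; /* predicted = last valid target taken */
    int n, used;
} cf_entry;
typedef struct { cf_entry e[ENTRIES]; } cf_table; /* must start zero-initialised */

/* Open-addressed lookup keyed by branch address; optionally claims a free slot. */
static cf_entry *cf_find(cf_table *t, uint64_t pc, int create) {
    for (unsigned i = 0; i < ENTRIES; i++) {
        cf_entry *e = &t->e[((pc >> 2) + i) % ENTRIES];
        if (e->used && e->pc == pc) return e;
        if (!e->used) {
            if (!create) return NULL;
            e->used = 1; e->pc = pc;
            return e;
        }
    }
    return NULL;
}
/* Collection phase: record one legitimate (branch, target) pair. */
int cf_learn(cf_table *t, uint64_t pc, uint64_t target) {
    cf_entry *e = cf_find(t, pc, 1);
    if (!e) return -1;
    for (int i = 0; i < e->n; i++)
        if (e->targets[i] == target) return 0;
    if (e->n == TARGETS) return -1;   /* set full: refuse rather than evict */
    if (e->n == 0) e->predicted = target;
    e->targets[e->n++] = target;
    return 0;
}
/* Execution phase: a correct prediction needs no lookup; a misprediction is
   accepted only if the actual target was collected for this branch. */
cf_result cf_check(cf_table *t, uint64_t pc, uint64_t target) {
    cf_entry *e = cf_find(t, pc, 0);
    if (!e) return CF_VIOLATION;      /* unknown branch: fail closed (assumed) */
    if (e->n && e->predicted == target) return CF_PREDICTED;
    for (int i = 0; i < e->n; i++)
        if (e->targets[i] == target) { e->predicted = target; return CF_MISPREDICT_VALID; }
    return CF_VIOLATION;
}
int main(void) {
    static cf_table t;                /* constructed addresses below */
    cf_learn(&t, 0x401000, 0x401200);
    printf("%d %d\n", cf_check(&t, 0x401000, 0x401200), cf_check(&t, 0x401000, 0x7ffd1000));
    return 0;
}
```

Only the misprediction path consults the collected target set, which mirrors the abstract's observation that a forced transfer to an unseen address shows up as a branch mis-prediction.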

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 0627341
Program Officer: Carl Landwehr
Budget Start: 2006-09-01
Budget End: 2009-08-31
Fiscal Year: 2006
Total Cost: $200,000

Name: University of Illinois at Chicago
City: Chicago
State: IL
Country: United States
Zip Code: 60612