Securing Accelerators with Dynamic Information Flow Tracking
Systems-on-chip (SoCs) are becoming heterogeneous: they combine general-purpose processor cores with application-specific hardware components, also known as accelerators, to improve performance and energy efficiency. The advantages of heterogeneity, however, come at a price: they threaten security. The architectural dissimilarities of processors and accelerators require revisiting the current security techniques. With this hardware demo, we show how accelerators can break dynamic information flow tracking (DIFT), a well-known security technique that protects systems against software-based attacks. We also describe how the security guarantees of DIFT can be re-established with a hardware solution that has low performance and area penalties.
💡 Research Summary
The paper addresses a critical security gap that emerges in modern heterogeneous system‑on‑chip (SoC) designs, where general‑purpose CPU cores are combined with application‑specific accelerators. While accelerators bring substantial performance and energy‑efficiency benefits, their architectural differences from CPUs undermine the guarantees of Dynamic Information Flow Tracking (DIFT), a widely adopted technique for preventing software‑based attacks such as buffer overflows and code injection.
The authors first demonstrate, using an FPGA‑based hardware demo, that accelerators can silently bypass DIFT. In a conventional DIFT system, every memory access and computational result is tagged with a security label that propagates throughout the execution, allowing the system to detect unauthorized flows of sensitive data. However, accelerators typically have independent data paths and custom compute units that do not automatically inherit the label‑propagation logic present in the CPU. The demo shows that when an accelerator reads or writes data, the associated labels are either omitted or incorrectly updated, allowing sensitive information to leave the accelerator unmarked. Consequently, malicious code can exploit the accelerator to inject untracked data into the system, effectively breaking the DIFT protection model.
To restore DIFT’s security guarantees, the paper proposes a lightweight hardware augmentation called the Label Management Unit (LMU). The LMU sits at the interface between the accelerator and the main memory and enforces three essential functions: (1) Input validation – any data entering the accelerator without a proper label triggers an immediate block signal, preventing unlabeled data from entering the protected flow; (2) Output labeling – after the accelerator finishes its computation, the LMU automatically generates the correct label for the result and attaches it to the memory write operation; (3) Label propagation synchronization – the LMU ensures that every subsequent memory transaction carries the updated label, keeping the system’s global label state consistent.
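The label loss and the three LMU functions described above, as a toy software model added here (not code from the paper or its demo). The one-bit labels, the XOR kernel, the addresses and the rule that the output takes the most restrictive input label are all assumptions made for illustration.

```python
# Toy software model of DIFT labels around an accelerator (constructed example).
TRUSTED, TAINTED = 0, 1

class BlockedTransfer(Exception):
    """Raised when the LMU model refuses unlabeled input."""

class TaggedMemory:
    def __init__(self):
        self.data, self.tags = {}, {}

    def store(self, addr, value, tag):
        # Tracked path: data and its label are written together.
        self.data[addr], self.tags[addr] = value, tag

def accel_kernel(words, key=0x5A):
    # Stand-in for the accelerator's compute unit: it sees data, never labels.
    return [w ^ key for w in words]

def run_untracked(mem, src, dst, n):
    # Accelerator with its own data path: results reach memory, labels do not.
    for i, w in enumerate(accel_kernel([mem.data[src + i] for i in range(n)])):
        mem.data[dst + i] = w  # mem.tags[dst + i] keeps its stale value

def run_with_lmu(mem, src, dst, n):
    # (1) Input validation: block any word that carries no label.
    in_tags = [mem.tags.get(src + i) for i in range(n)]
    if None in in_tags:
        raise BlockedTransfer(f"unlabeled input in {src:#x}..{src + n - 1:#x}")
    out = accel_kernel([mem.data[src + i] for i in range(n)])
    # (2) Output labeling. Assumed rule: result is as tainted as its worst input.
    out_tag = max(in_tags)
    # (3) Synchronization: each result word is written together with its label.
    for i, w in enumerate(out):
        mem.store(dst + i, w, out_tag)

def dift_allows_use(mem, addr, n):
    # DIFT check before a sensitive use of the buffer: every word must be TRUSTED.
    return all(mem.tags.get(addr + i) == TRUSTED for i in range(n))

def scenario(runner):
    mem = TaggedMemory()
    for i, b in enumerate(b"recv"):          # untrusted input, labeled TAINTED
        mem.store(0x100 + i, b, TAINTED)
    for i in range(4):                       # buffer earlier filled by trusted code
        mem.store(0x200 + i, 0, TRUSTED)
    runner(mem, 0x100, 0x200, 4)
    return dift_allows_use(mem, 0x200, 4)

if __name__ == "__main__":
    print("untracked accelerator, check passes:", scenario(run_untracked))
    print("with LMU model, check passes:", scenario(run_with_lmu))
```

In the untracked run the destination keeps its stale TRUSTED label even though its contents now derive from tainted input, so the check passes when it should not; with the LMU model the label follows the data and the check fails as intended.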
The LMU is designed to be minimally invasive. Its label storage is implemented in a small SRAM block, and the label‑propagation logic is pipelined so that it adds only a few clock cycles of latency. The authors evaluate the overhead by integrating the LMU into several representative accelerators (image‑processing, cryptographic, and machine‑learning kernels). The experimental results show an average runtime increase of only 5‑7 % and an area increase of 3‑4 % compared with a baseline DIFT system that lacks accelerator support. These numbers demonstrate that the security benefits are achieved with modest performance and silicon‑area costs.
Beyond the quantitative results, the paper highlights the broader implications for SoC security standards. By modularizing the LMU, the same security enforcement can be reused across heterogeneous accelerators without requiring custom modifications for each design. This paves the way for a unified security policy that treats accelerators as first‑class citizens in the DIFT ecosystem, rather than as peripheral components that can be ignored.
In summary, the contributions of the work are threefold: (1) a concrete demonstration that accelerators can break DIFT, exposing a realistic attack surface in heterogeneous SoCs; (2) a hardware‑level solution (the LMU) that re‑establishes end‑to‑end label tracking across CPU‑accelerator boundaries with low overhead; and (3) an empirical validation that the approach scales to different accelerator types while preserving the performance‑security trade‑off. The authors conclude by suggesting future directions, such as integrating finer‑grained label policies, exploring hybrid software‑hardware DIFT schemes, and incorporating LMU‑style checks into accelerator design guidelines and industry standards. This work thus provides both a warning about a previously under‑appreciated vulnerability and a practical pathway to secure the next generation of heterogeneous computing platforms.