ProMiSE: A High-Performance Programmable Hardware Monitor for High Security Enforcement of Software Execution

Cited by: 1
Authors
Wang, Xinrui [1]
Feng, Lang [1]
Wang, Zhongfeng [1]
Affiliation
[1] Nanjing Univ, Sch Elect Sci & Engn, Nanjing 210093, Peoples R China
Funding
National Natural Science Foundation of China
Keywords
Security; Monitoring; Software; Hardware; Law; Threat modeling; Runtime; Computer architecture; hardware-assisted security; RISC-V; processor;
DOI
10.1109/TCAD.2023.3271583
Chinese Library Classification number
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract
In recent years, to prevent computer systems from software attacks, hardware monitors are proposed as a type of efficient security enforcement scheme, which can detect software attacks at runtime. However, due to the limited flexibility of dedicated hardware monitors, one monitor can be only applied to a few targeted application scenarios, and is hard to defend against unconsidered attacks. This leads to high cost for redesigning monitors for new scenarios. Although recent studies propose flexible hardware monitors, the scope and security of the reconfigurable monitoring policies are still limited. To further improve the flexibility and security, this work proposes a monitor instruction set and multiple security-assisting designs for supporting general operations needed by various attack detection schemes. Based on the above efforts, an efficient programmable hardware monitor named ProMiSE is designed. After implemented on the RocketChip RISC-V processor, ProMiSE can be programmed to realize a wider range of monitoring policies with higher security and similar hardware resource overhead, compared with state-of-the-art flexible hardware monitors. With these advantages, ProMiSE still has the detection latency as low as 18-59 CPU cycles. The performance overhead ranges from ~0% to 23.4%, which is also reasonable compared with the dedicated hardware monitors of corresponding policies.
Pages: 3599-3612
Number of pages: 14