Recently released Intel processors have been equipped with hardware instruction tracing facilities to securely and efficiently record the program execution path. In this paper, we study a case for data integrity checking based on Intel Processor Trace (Intel PT), the instruction tracing facility on x86 processors. We incorporate software instrumentation and hardware instruction tracing to guarantee fine-grained data integrity without frequently switching the processor mode. We incorporate the idea in a system named DTrace which provides primitives to instruct Intel PT to capture the data load and store events, even current Intel PT implementations only record control transfers. The trace is analyzed before the program makes security-sensitive operations. We apply DTrace in several case studies to show that the primitives that DTrace provides are easy to use and help to enhance data integrity in applications. We further evaluate DTrace with several microbenchmarks to show the time cost that DTrace’s data tracing operation incurs. We also evaluate DTrace on Nginx to show the performance impact when Nginx is enhanced in security to provide the integrity during the runtime execution for programmer-defined security sensitive data. We find the performance overhead that DTrace incurs for the data tracing is moderate.

中文翻译：

---

DTrace：使用硬件指令跟踪进行细粒度和高效的数据完整性检查

最近发布的英特尔处理器配备了硬件指令跟踪工具，可以安全高效地记录程序执行路径。在本文中，我们研究了基于英特尔处理器跟踪 (Intel PT)（x86 处理器上的指令跟踪工具）的数据完整性检查案例。我们结合了软件检测和硬件指令跟踪来保证细粒度的数据完整性，而无需频繁切换处理器模式。我们将这个想法融入一个名为 DTrace 的系统中，该系统提供原语来指示英特尔 PT 捕获数据加载和存储事件，即使当前的英特尔 PT 实现也只记录控制传输。在程序进行安全敏感操作之前分析跟踪。我们在几个案例研究中应用了 DTrace，以表明 DTrace 提供的原语易于使用并有助于增强应用程序中的数据完整性。我们通过几个微基准进一步评估 DTrace，以显示 DTrace 的数据跟踪操作所产生的时间成本。我们还在 Nginx 上评估了 DTrace，以显示当 Nginx 增强安全性以在运行时执行期间为程序员定义的安全敏感数据提供完整性时的性能影响。我们发现 DTrace 为数据跟踪带来的性能开销适中。我们还在 Nginx 上评估了 DTrace，以显示当 Nginx 增强安全性以在运行时执行期间为程序员定义的安全敏感数据提供完整性时的性能影响。我们发现 DTrace 为数据跟踪带来的性能开销适中。我们还在 Nginx 上评估了 DTrace，以显示当 Nginx 增强安全性以在运行时执行期间为程序员定义的安全敏感数据提供完整性时的性能影响。我们发现 DTrace 为数据跟踪带来的性能开销适中。