{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,7]],"date-time":"2026-01-07T08:09:43Z","timestamp":1767773383998,"version":"build-2065373602"},"reference-count":48,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2023,11,16]],"date-time":"2023-11-16T00:00:00Z","timestamp":1700092800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"NSF","award":["1814420","1819694","1819687"],"award-info":[{"award-number":["1814420","1819694","1819687"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>With the proliferation of electronic devices, third-party intellectual property (3PIP) integration in the supply chain of the semiconductor industry and untrusted actors\/fields have raised hardware security concerns that enable potential attacks, such as unauthorized access to data, fault injection and privacy invasion. Different security techniques have been proposed to provide resilience to secure devices from potential vulnerabilities; however, no one technique can be applied as an overarching solution. We propose an integrated Information Flow Tracking (IFT) technique to enable runtime security to protect system integrity by tracking the flow of data from untrusted communication channels. Existing hardware-based IFT schemes are either fine-, which are resource-intensive, or coarse-grained models, which have minimal precision logic, providing either control-flow or data-flow integrity. No current security model provides multi-granularity due to the difficulty in balancing both the flexibility and hardware overheads at the same time. This study proposes a multi-level granularity IFT model that integrates a hardware-based IFT technique with a gate-level-based IFT (GLIFT) technique, along with flexibility, for better precision and assessments. Translation from the instruction level to the data level is based on module instantiation with security-critical data for accurate information flow behaviors without any false conservative flows. A simulation-based IFT model is demonstrated, which translates the architecture-specific extensions into a compiler-specific simulation model with toolchain extensions for Reduced Instruction Set Architecture (RISC-V) to verify the security extensions. This approach provides better precision logic by enhancing the tagged mechanism with 1-bit tags and implementing an optimized shadow logic that eliminates the area overhead by tracking the data for only security-critical modules.<\/jats:p>","DOI":"10.3390\/cryptography7040058","type":"journal-article","created":{"date-parts":[[2023,11,16]],"date-time":"2023-11-16T08:19:43Z","timestamp":1700122783000},"page":"58","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Secure Instruction and Data-Level Information Flow Tracking Model for RISC-V"],"prefix":"10.3390","volume":"7","author":[{"given":"Geraldine Shirley","family":"Nicholas","sequence":"first","affiliation":[{"name":"Electrical and Computer Engineering, University of North Carolina at Charlotte, Charlotte, NC 28262, USA"}]},{"given":"Dhruvakumar Vikas","family":"Aklekar","sequence":"additional","affiliation":[{"name":"Electrical and Computer Engineering, University of North Carolina at Charlotte, Charlotte, NC 28262, USA"}]},{"given":"Bhavin","family":"Thakar","sequence":"additional","affiliation":[{"name":"Electrical and Computer Engineering, University of North Carolina at Charlotte, Charlotte, NC 28262, USA"}]},{"given":"Fareena","family":"Saqib","sequence":"additional","affiliation":[{"name":"Electrical and Computer Engineering, University of North Carolina at Charlotte, Charlotte, NC 28262, USA"}]}],"member":"1968","published-online":{"date-parts":[[2023,11,16]]},"reference":[{"key":"ref_1","unstructured":"Newsome, J., and Song, D. (2005, January 3). Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS \u201905), San Diego, CA, USA."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"482","DOI":"10.1145\/1273440.1250722","article-title":"Raksha","volume":"35","author":"Dalton","year":"2007","journal-title":"ACM SIGARCH Comput. Arch. News"},{"key":"ref_3","first-page":"39","article-title":"Hardware Information Flow Tracking","volume":"54","author":"Hu","year":"2021","journal-title":"ACM Comput. Surv."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Suh, G.E., Lee, J.W., Zhang, D., and Devadas, S. (2004, January 7\u201313). Secure program execution via dynamic information flow tracking. Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS XI), Boston, MA, USA.","DOI":"10.1145\/1024393.1024404"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Chen, K., Guo, X., Deng, Q., and Jin, Y. (2021). Dynamic Information Flow Tracking: Taxonomy, Challenges, and Opportunities. Micromachines, 12.","DOI":"10.3390\/mi12080898"},{"key":"ref_6","unstructured":"Chen, S., Xu, J., Nakka, N., Kalbarczyk, Z., and Iyer, R. (July, January 28). Defeating Memory Corruption Attacks via Pointer Taintedness Detection. Proceedings of the 2005 International Conference on Dependable Systems and Networks (DSN\u201905), Yokohama, Japan."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2619091","article-title":"TaintDroid","volume":"32","author":"Enck","year":"2014","journal-title":"ACM Trans. Comput. Syst."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Venkataramani, G., Doudalis, I., Solihin, Y., and Prvulovic, M. (2008, January 16\u201320). FlexiTaint: A programmable accelerator for dynamic taint propagation. Proceedings of the 2008 IEEE 14th International Symposium on High Performance Computer Architecture, Lake City, UT, USA.","DOI":"10.1109\/HPCA.2008.4658637"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Wahab, M.A., Cotret, P., Allah, M.N., Hiet, G., Lap\u00f4tre, V., and Gogniat, G. (2017, January 4\u20138). ARMHEx: A hardware extension for DIFT on ARM-based SoCs. Proceedings of the 2017 27th International Conference on Field Programmable Logic and Applications (FPL), Ghent, Belgium.","DOI":"10.23919\/FPL.2017.8056767"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Song, C., Moon, H., Alam, M., Yun, I., Lee, B., Kim, T., Lee, W., and Paek, Y. (2016, January 22\u201326). HDFI: Hardware-Assisted Data-Flow Isolation. Proceedings of the 2016 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA.","DOI":"10.1109\/SP.2016.9"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Ferraiuolo, A., Zhao, M., Myers, A., and Suh, G. (2018, January 15\u201319). HyperFlow: A Processor Architecture for Nonmalleable, Timing-Safe Information Flow Security. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada.","DOI":"10.1145\/3243734.3243743"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Hossain, M.M., Farahmandi, F., Tehranipoor, M., and Rahman, F. (2021, January 1\u20135). BOFT: Exploitable Buffer Overflow Detection by Information Flow Tracking. Proceedings of the 2021 Design, Automation & Test in Europe Conference & Exhibition, Grenoble, France.","DOI":"10.23919\/DATE51398.2021.9474045"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Hung, Y.-H., Jheng, B.-J., Li, H.-W., Lai, W.-Y., Mallissery, S., and Wu, Y.-S. (February, January 30). Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay. Proceedings of the 2021 IEEE Conference on Dependable and Secure Computing (DSC), Aizuwakamatsu, Japan.","DOI":"10.1109\/DSC49826.2021.9346239"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Palmiero, C., Di Guglielmo, G., Lavagno, L., and Carloni, L.P. (2018, January 25\u201327). Design and Implementation of a Dynamic Information Flow Tracking Architecture to Secure a RISC-V Core for IoT Applications. Proceedings of the 2018 IEEE High-Performance Extreme Computing Conference (HPEC), Waltham, MA, USA.","DOI":"10.1109\/HPEC.2018.8547578"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Siddiqui, A.S., Shirley, G., Bendre, S., Bhagwat, G., Plusquellic, J., and Saqib, F. (2019, January 1\u20133). Secure Design Flow of FPGA Based RISC-V Implementation. Proceedings of the 2019 IEEE 4th International Verification and Security Workshop (IVSW), Rhodes, Greece.","DOI":"10.1109\/IVSW.2019.8854418"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Hung, Y.-H., Li, H.-W., Wu, Y.-S., Jheng, B.-J., and Huang, Y.-N. (2018, January 25\u201328). HIT: Hybrid-Mode Information Flow Tracking with Taint Semantics Extraction and Replay. Proceedings of the 2018 48th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), Luxembourg.","DOI":"10.1109\/DSN-W.2018.00037"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Liu, T., Shi, G., Chen, L., Zhang, F., Yang, Y., and Zhang, J. (2018, January 1\u20133). TMDFI: Tagged Memory Assisted for Fine-Grained Data-Flow Integrity Towards Embedded Systems Against Software Exploitation. Proceedings of the 2018 17th IEEE International Conference on Trust, Security Furthermore, Privacy in Computing Furthermore, Communications\/12th IEEE International Conference on Big Data Science Furthermore, Engineering (TrustCom\/BigDataSE), New York, NY, USA.","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00083"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Ma, M., Chen, L., and Shi, G. (2019, January 2\u20135). Dam: A Practical Scheme to Mitigate Data-Oriented Attacks with Tagged Memory Based on Hardware. Proceedings of the 2019 26th Asia-Pacific Software Engineering Conference (APSEC), Putrajaya, Malaysia.","DOI":"10.1109\/APSEC48747.2019.00036"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"559","DOI":"10.1109\/TIFS.2022.3144868","article-title":"FineDIFT: Fine-Grained Dynamic Information Flow Tracking for Data-Flow Integrity Using Coprocessor","volume":"17","author":"Chen","year":"2022","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Sapountzis, N., Sun, R., Wei, X., Jin, Y., Crandall, J., and Oliveira, D. (December, January 29). MITOS: Optimal Decisioning for the Indirect Flow Propagation Dilemma in Dynamic Information Flow Tracking Systems. Proceedings of the 2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS), Singapore.","DOI":"10.1109\/ICDCS47774.2020.00093"},{"key":"ref_21","unstructured":"Bruner Grayson, J. (2021). A Secure Architecture for Defense against Return Address Corruption. [Master\u2019s Thesis, University of Tennessee]."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Chakraborty, A., Bhattacharya, S., Alam, M., Patranabis, S., and Mukhopadhyay, D. (2021). RASSLE: Return Address Stack based Side-channel LEakage. IACR Trans. Cryptogr. Hardw. Embed. Syst., 275\u2013303.","DOI":"10.46586\/tches.v2021.i2.275-303"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"109","DOI":"10.1145\/2528521.1508258","article-title":"Complete information flow tracking from the gates up","volume":"37","author":"Tiwari","year":"2009","journal-title":"ACM SIGARCH Comput. Arch. News"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"1128","DOI":"10.1109\/TCAD.2011.2120970","article-title":"Theoretical Fundamentals of Gate Level Information Flow Tracking","volume":"30","author":"Hu","year":"2011","journal-title":"IEEE Trans. Comput. Aided Des. Integr. Circuits Syst."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Hu, W., Oberg, J., Irturk, A., Tiwari, M., Sherwood, T., Mu, D., and Kastner, R. (2011, January 3\u20135). An Improved Encoding Technique for Gate Level Information Flow Tracking. Proceedings of the International Workshop on Logic & Synthesis (IWLS), San Diego, CA, USA.","DOI":"10.1145\/1837274.1837337"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Hu, W., Oberg, J., Mu, D., and Kastner, R. (2012, January 5\u20138). Simultaneous information flow security and circuit redundancy in Boolean gates. Proceedings of the 2012 IEEE\/ACM International Conference on Computer-Aided Design (ICCAD), San Jose, CA, USA.","DOI":"10.1145\/2429384.2429511"},{"key":"ref_27","unstructured":"(2012, January 6\u20138). Ryan Kastner, Circuit primitives for monitoring information flow and enabling redundancy. Proceedings of the 8th International Conference on Hardware and Software: Verification and Testing (HVC\u201912), Haifa, Israel."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Le, T., Di, J., Tehranipoor, M., and Wang, L. (2016, January 18\u201320). Tracking data flow at gate-level through structural. Proceedings of the 2016 International Great Lakes Symposium on VLSI (GLSVLSI), Boston, MA, USA.","DOI":"10.1145\/2902961.2903040"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Zhang, Q., He, J., Zhao, Y., and Guo, X. (2020, January 15\u201317). A Formal Framework for Gate- Level Information Leakage Using Z3. Proceedings of the 2020 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), Kolkata, India.","DOI":"10.1109\/AsianHOST51057.2020.9358257"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Zhang, S., Wang, S., Wang, J., Zhou, S., and Yao, Z. (2022, January 4\u20135). Quantitative Analysis of Information Leakage Hardware Trojans in IP Cores. Proceedings of the 2022 9th International Conference on Dependable Systems and Their Applications (DSA), Wulumuqi, China.","DOI":"10.1109\/DSA56465.2022.00063"},{"key":"ref_31","unstructured":"Blackstone, J., Wei, H., Althoff, A., Armaiti, A., Zhang, L., and Kastner, R. (2020). A Unified Model for Gate Level Propagation Analysis. arXiv."},{"key":"ref_32","unstructured":"(2020, May 20). Common Evaluation Platform Repository. Available online: https:\/\/github.com\/mitll\/CEP."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Ge, Q., Yarom, Y., and Heiser, G. (2018, January 27\u201328). No security without time protection: We need a new hardware-software contract. Proceedings of the Asia-Pacific Workshop on Systems (APSys), Jeju Island, Republic of Korea.","DOI":"10.1145\/3265723.3265724"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Poorhosseini, M., Nebel, W., and Gr\u00fcttner, K. (September, January 31). A Compiler Comparison in the RISC-V Ecosystem. Proceedings of the 2020 International Conference on Omni-Layer Intelligent Systems (COINS), Barcelona, Spain.","DOI":"10.1109\/COINS49042.2020.9191411"},{"key":"ref_35","unstructured":"(2020, January 25). 2021. RISC-V Spike. Available online: https:\/\/github.com\/riscv\/riscv-isa-sim."},{"key":"ref_36","unstructured":"(2020, January 25). RISCV-QEMU. Available online: https:\/\/github.com\/riscv\/riscv-qemu."},{"key":"ref_37","unstructured":"Deutschbein, C., Meza, A., Restuccia, F., Kastner, R., and Sturton, C. (2021, January 5\u201315). Isadora: Automated Information Flow Property Generation for Hardware Designs. Proceedings of the 5th Workshop on Attacks and Solutions in Hardware Security (ASHES \u201921). Association for Computing Machinery, New York, NY, USA."},{"key":"ref_38","unstructured":"Aleph One (2022, January 25). Smashing the Stack for Fun Furthermore, Profit, Phrack #49 Article 14. Available online: http:\/\/www.phrack.org\/issues.html?issue=49&id=14#article."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"1271","DOI":"10.1109\/TC.2006.166","article-title":"SmashGuard: A Hardware Solution to Prevent Security Attacks on the Function Return Address","volume":"55","author":"Ozdoganoglu","year":"2006","journal-title":"IEEE Trans. Comput."},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Day, J., Zhao, Z., and Ma, M. (2010, January 10\u201316). Detecting Return-to-libc Buffer Overflow Attacks Using Network Intrusion Detection Systems. Proceedings of the 2010 Fourth International Conference on Digital Society, Saint Maarten, The Netherlands.","DOI":"10.1109\/ICDS.2010.37"},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Tiwari, M., Li, X., Wassel, H.M.G., Chong, F.T., and Sherwood, T. (2009, January 12\u201316). Execution leases: A hardware-supported mechanism for enforcing strong non-interference. Proceedings of the 2009 42nd Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO), New York, NY, USA.","DOI":"10.1145\/1669112.1669174"},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Wang, C., Cai, Y., and Zhou, Q. (2018, January 22\u201325). HLIFT: A high-level information flow tracking method for detecting hardware Trojans. Proceedings of the 2018 23rd Asia and South Pacific Design Automation Conference (ASP-DAC), Jeju, Republic of Korea.","DOI":"10.1109\/ASPDAC.2018.8297408"},{"key":"ref_43","unstructured":"Waterman, A., Lee, Y., Patterson, D., and Asanovi\u0107, K. (2016). The RISCV Instruction Set Manual, Volume I: User-Level ISA Version 2.1, EECS Department, University of California. Technical Report UCB\/EECS-2016-118."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Nicholas, G.S., Thakar, B., and Saqib, F. (2021, January 22\u201325). Hardware Secure Execution and Simulation Model Correlation using IFT on RISC-V. Proceedings of the 2021 on Great Lakes Symposium on VLSI, Virtual Event.","DOI":"10.1145\/3453688.3461517"},{"key":"ref_45","unstructured":"Vachharajani, N., Bridges, M.J., Chang, J., Rangan, R., and Ottoni, G. (2004, January 4\u20138). RIFLE: An Architectural Framework for User-Centric Information-Flow Security. Proceedings of the 37th International Symposium on Microarchitecture (MICRO-37\u201904), Portland, OR, USA."},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Chen, Y., Jamkhedkar, P.A., and Lee, R.B. (2012, January 14\u201327). A software-hardware architecture for self-protecting data. Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS \u201912). Association for Computing Machinery, New York, NY, USA.","DOI":"10.1145\/2382196.2382201"},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Bidmeshki, M., and Makris, Y. (2015, January 5\u20137). Toward automatic proof generation for information flow policies in third-party hardware IP. Proceedings of the 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), Washington, DC, USA.","DOI":"10.1109\/HST.2015.7140256"},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Nicholas, G.S., Thakar, B., and Saqib, F. (2021, January 29\u201330). Multi granular level-based IFT model for RISC-V. Proceedings of the Second iiScience International Conference 2021: Recent Advances in Photonics and Physical Sciences, Faisalabad, Pakistan.","DOI":"10.1117\/12.2601036"}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/7\/4\/58\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T21:24:01Z","timestamp":1760131441000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/7\/4\/58"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,16]]},"references-count":48,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2023,12]]}},"alternative-id":["cryptography7040058"],"URL":"https:\/\/doi.org\/10.3390\/cryptography7040058","relation":{},"ISSN":["2410-387X"],"issn-type":[{"type":"electronic","value":"2410-387X"}],"subject":[],"published":{"date-parts":[[2023,11,16]]}}}