Variable Record Table: A Unified Hardware-Assisted Framework for Runtime Security

TL;DR

This paper introduces a hardware-assisted Variable Record Table (VRT) framework that provides unified security protections against memory corruption, control-flow hijacking, and speculative attacks with minimal performance overhead.

Contribution

It presents a novel unified hardware structure, VRT, that simultaneously enforces multiple security mechanisms dynamically during runtime.

Findings

Detects all tested attack variants with zero instruction overhead.

Maintains low memory footprint below 25KB for 512 entries.

Overheads are kept under 8% in area and 11.65 μW in power.

Abstract

Modern computing systems face security threats, including memory corruption attacks, speculative execution vulnerabilities, and control-flow hijacking. Although existing solutions address these threats individually, they frequently introduce performance overhead and leave security gaps. This paper presents a Variable Record Table (VRT) with a unified hardware-assisted framework that simultaneously enforces spatial memory safety against buffer overflows, back-edge control-flow integrity (CFI), and speculative execution attack detection. The VRT dynamically constructs a protection table by instrumenting run-time instructions to extract memory addresses, bounds metadata, and control-flow signatures. Our evaluation across MiBench and SPEC benchmarks shows that VRT successfully detects all attack variants tested with zero additional instruction overhead. Furthermore, it maintains memory requirements below 25KB (for 512 entries) and maintains area / power overhead under 8% and 11.65 {\mu}W, respectively. By consolidating three essential security mechanisms into a single hardware structure, VRT provides comprehensive protection while minimizing performance impact.