Secure Program Execution via Dynamic Information Flow Tracking

G. Edward Suh, Jaewook Lee, Srinivas Devadas
This paper presents a hardware mechanism for dynamic information flow tracking to protect programs from malicious attacks by identifying and restricting spurious information flows. The mechanism allows the operating system to identify input channels as spurious and track all information flows from those inputs. By disallowing spurious data to be used as instructions or jump targets, a broad range of attacks is effectively defeated. Two security policies are described: the first incurs a memory overhead of 0.26% and a performance degradation of 0.02%, while the stronger policy incurs a memory overhead of 4.5% and a performance degradation of 0.8%, and requires binary annotation.

The paper discusses the security attack model, where attackers aim to gain unauthorized access by taking control of a vulnerable program. It describes how malicious attacks can exploit program vulnerabilities such as buffer overflows and format strings to overwrite memory locations and gain control. The paper then presents a protection scheme that restricts the use of spurious data and tracks information flows to prevent malicious control transfers. Two example attacks are described: stack smashing and format string attacks. In the stack smashing example, an attacker overflows a buffer and modifies the return address to execute malicious code. In the format string example, an attacker uses the %n flag to modify program pointers in memory. The protection scheme detects these attacks by tracking information flows and generating exceptions when spurious data is used as jump targets or instructions.

The paper discusses dynamic information flow tracking, which uses security tags to indicate whether data is authentic or spurious. The tags are managed efficiently with different granularities for memory pages. Two security policies are described: one that tracks copy, load-address, and store-address dependencies, and another that tracks all four dependencies. The first policy has a low overhead, while the second policy has a higher overhead but provides stronger protection.

The paper evaluates the effectiveness of the protection scheme against various attacks, including buffer overflows and format string attacks. It shows that the scheme is effective in detecting and stopping these attacks without causing false alarms. The paper also discusses the memory and performance overheads of the two policies, showing that the first policy has minimal overhead, while the second policy has higher overhead but provides stronger protection. The paper concludes that the proposed hardware mechanism for dynamic information flow tracking is effective in preventing malicious software attacks by restricting the use of spurious information flows. The mechanism is efficient and can be implemented with minimal overhead, making it a promising solution for protecting programs from malicious attacks.
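The following toy simulator is an added illustration of the first policy described above (copy, load-address and store-address dependencies, with a check at control transfers); it is not code from the paper. The four-register ISA, the 16-word memory, the buffer layout with the saved return address at word 8, and the value 0x400 are all constructed assumptions made for the example.

```python
class SpuriousJump(Exception):
    """Raised when a spurious (tagged) value would become the program counter."""

class TaggedMachine:
    """Toy tagged ISA: every register and memory word carries a 1-bit tag,
    0 = authentic, 1 = spurious (derived from an OS-designated untrusted input)."""
    def __init__(self, words=16):
        self.reg = {r: 0 for r in "abcd"}   # register values
        self.tag = {r: 0 for r in "abcd"}   # register tags
        self.mem, self.mtag = [0] * words, [0] * words  # memory words and their tags

    def input(self, rd, value):            # data from a spurious channel enters tagged
        self.reg[rd], self.tag[rd] = value, 1

    def mov(self, rd, rs):                 # copy dependency: tag follows the value
        self.reg[rd], self.tag[rd] = self.reg[rs], self.tag[rs]

    def load(self, rd, ra):                # load-address dependency: tag(word) | tag(address)
        addr = self.reg[ra]
        self.reg[rd], self.tag[rd] = self.mem[addr], self.mtag[addr] | self.tag[ra]

    def store(self, ra, rs):               # store-address dependency: tag(value) | tag(address)
        addr = self.reg[ra]
        self.mem[addr], self.mtag[addr] = self.reg[rs], self.tag[rs] | self.tag[ra]

    def jmp(self, rs):                     # the policy check: spurious data may not steer control
        if self.tag[rs]:
            raise SpuriousJump(f"jump target {self.reg[rs]:#x} derived from spurious input")
        return self.reg[rs]                # new program counter

def run_return(words_written):
    """Copy words_written input words into an 8-word buffer at mem[0..7]; the saved
    return address lives at mem[8]. Returns the new pc on a clean return."""
    m = TaggedMachine()
    m.reg["d"], m.mem[8] = 8, 0x400        # authentic saved return address (constructed value)
    for i in range(words_written):
        m.input("a", 0x41414141)           # constructed spurious input word
        m.reg["b"] = i                     # buffer index computed by the program: authentic
        m.store("b", "a")                  # the word and its tag land in mem[i]
    m.load("c", "d")                       # function epilogue: reload the return address
    return m.jmp("c")                      # ... and jump to it

def attack_detected(words_written):
    """True when the tracked tag stops the control transfer, False on a clean return."""
    try:
        run_return(words_written)
        return False
    except SpuriousJump:
        return True
```

Writing exactly eight words leaves the return address authentic and the jump proceeds; a ninth word overwrites it with a tagged value, and the tag, not the value, is what trips the check.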