The paper introduces a hardware mechanism called dynamic information flow tracking to protect programs from malicious attacks by identifying and restricting the usage of spurious information flows. The operating system identifies potentially malicious input channels, and the processor tracks all information flows from these inputs. Two security policies are described, one with a low overhead (0.26% memory and 0.02% performance degradation) and another with a higher overhead (4.5% memory and 0.8% performance degradation) that requires binary annotation. The approach effectively defeats a broad range of attacks, including buffer overflows and format strings, without causing false alarms in SPEC CPU2000 benchmarks. The paper also discusses efficient tag management and evaluates the effectiveness and overhead of the proposed scheme through simulations.The paper introduces a hardware mechanism called dynamic information flow tracking to protect programs from malicious attacks by identifying and restricting the usage of spurious information flows. The operating system identifies potentially malicious input channels, and the processor tracks all information flows from these inputs. Two security policies are described, one with a low overhead (0.26% memory and 0.02% performance degradation) and another with a higher overhead (4.5% memory and 0.8% performance degradation) that requires binary annotation. The approach effectively defeats a broad range of attacks, including buffer overflows and format strings, without causing false alarms in SPEC CPU2000 benchmarks. The paper also discusses efficient tag management and evaluates the effectiveness and overhead of the proposed scheme through simulations.