Patent · US Active

Systems and methods for reliably injecting control flow integrity into binaries without source code

US11934517B2 · kind B2 · utility

0Cited by

8References

20Claims

0Family size

Assignee

RUNSAFE SECURITY, INC. · US

Inventor

Erik Raymond Lotspeich · Huntsville, US

Key dates

Filing date	Aug 15, 2019
Grant date	Mar 19, 2024
Priority date	—
Expiry date	Jul 22, 2040

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/033
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

Systems and methods of defending against stack-based cybersecurity attacks that exploit vulnerabilities in buffer overflows. The embodiments disclosed herein propose hijacking program flow in a program binary by insert call checking CFI code before calling a target. Examples of a target can be a function within the program binary, a register, or a memory location. If the call target is a valid call target (e.g., included in a global list of addresses), normal program flow resumes and the program flow is transferred to the target. On the contrary, if the call target is not a valid call target (e.g., not included in a global list of addresses), the program binary is deliberately crashed.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.