Control flow integrity system and method
US9805188B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 11, 2014 |
| Grant date | Oct 31, 2017 |
| Priority date | — |
| Expiry date | Nov 11, 2034 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/033
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
An improved CFI system and method is described that provides security from attacks to hijack computer software. The improved CFI system and method inserts two tags to execute label identification. The first tag is positioned before any instruction that would result in an indirect control flow transfer and requires the program to execute a check. The second tag is located before the first line of any legitimate transfer destination and when discovered by the tag check allows a program to carry out the indirect transfer. This tag orientation does not prevent transfers to targets other than the origin instruction's specific intended destination but limits transfers to destinations that begin with the proper label dedication. Although, an incorrect address may be called, that will be within the software program's assortment of legitimate indirect transfer targets. Attempts to exploit or reroute indirect transfers outside of the established control flow are eliminated.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.