	US 12,229,245 B2
	Control flow integrity system and method
Yitzhack Davidovich, Jerusalem (IL); Yoav Fuchs, Har Gilo (IL); and Leonid Frenkel, Kfar Aza (IL)
Assigned to C2A-SEC, LTD, Jersalem (IL)
Appl. No. 17/795,535
Filed by C2A-SEC, LTD., Jerusalem (IL)
PCT Filed Jan. 27, 2021, PCT No. PCT/IL2021/050090 § 371(c)(1), (2) Date Jul. 27, 2022, PCT Pub. No. WO2021/152583, PCT Pub. Date Aug. 5, 2021.
Claims priority of provisional application 62/966,573, filed on Jan. 28, 2020.
Prior Publication US 2023/0049233 A1, Feb. 16, 2023
Int. Cl. G06F 21/52 (2013.01)

CPC G06F 21/52 (2013.01) [G06F 2221/034 (2013.01)]

20 Claims

1. A control flow integrity (CFI) system comprising a processor and a memory, said processor arranged, responsive to instructions stored in said memory, to load into a process:

at least one protection module, each of said at least one protection module comprising a respective allowable flow model associated with at least one of a plurality of portions of a process; and

a process protection manager,

wherein said loaded process protection manager is arranged to:

compare one or more parameters of a control flow instruction in one of the plurality of portions of the process to said allowable flow model of said associated protection module; and

responsive to an outcome of said comparison indicating that said compared one or more parameters does not meet a respective parameter of said respective allowable flow model, generate a predetermined signal,

wherein each of said at least one protection module is implemented as a shared object, and

wherein each of said at least one process protection manager is implemented as a shared object.