Methods for enforcing control flow of a computer program

摘要

One aspect of the invention provides a method of controlling execution of a computer program. The method comprises the following runtime steps: parsing code to identify one or more indirect branches; creating a branch ID data structure that maps an indirect branch location to a branch ID, which is the indirect branch's equivalence class ID; creating a target ID data structure that maps a code address to a target ID, which is an equivalence class ID to which the address belongs; and prior to execution of an indirect branch including a return instruction located at an address: obtaining the branch ID associated with the return address from the branch ID data structure; obtaining the target ID associated with an actual return address for the indirect branch from the target ID data structure; and comparing the branch ID and the target ID.

主权项

1. A method of controlling execution of a computer program, the method comprising the following runtime steps:
parsing code to identify one or more indirect branches; creating a branch ID data structure that maps an indirect branch location to a branch ID, which is the indirect branch's equivalence class ID; creating a target ID data structure that maps a code address to a target ID, which is an equivalence class ID to which the address belongs; and prior to execution of an indirect branch including a return instruction located at an address:
obtaining the branch ID associated with the return address from the branch ID data structure;obtaining the target ID associated with an actual return address for the indirect branch from the target ID data structure;comparing the branch ID and the target ID; andif the branch ID and the target ID differ, preventing execution of the indirect branch.