Return oriented programming (ROP) and jump oriented programming (JOP) are each a form of control flow hijacking attack. These attacks leverage memory corruption bugs, e.g., buffer overflow, to redirect control flow to already existing executable code stored in memory. The attacks rely on short instruction sequences, called “gadgets”, that end with an indirect branch instruction (e.g., return, jump*, call*, where *corresponds to indirect addressing) and perform attacker-chosen operations. Control flow integrity (CFI) validation techniques may provide a defense against control flow hijacking attacks. CFI validation techniques are configured to guarantee legitimate control flow transfers in an application. Existing CFI validation techniques may require source code modification and/or binary re-instrumentation to insert run time CFI checks in an application binary. Further, existing CFI validation techniques may incur a performance penalty and/or may provide only a limited history, thus, limiting accuracy.
Although the following Detailed Description will proceed with reference being made to illustrative embodiments, many alternatives, modifications, and variations thereof will be apparent to those skilled in the art.