In one implementation, a method for providing security on controllers includes detecting computer-readable code running on a controller, the computer-readable code including code portions that each include instructions to be performed by the controller; identifying a current code portion of the computer-readable code; accessing an in-memory graph that models an operational flow of the computer-readable code, wherein the in-memory graph includes a plurality of nodes, each of the nodes corresponding to one of the code portions and each of the nodes having a risk value for the associated code portion that is a measure of security risk for the associated code portion; identifying the risk value for the current code portion; selecting, from a plurality of available flow control integrity (IMV) schemes, an IMV scheme based on the identified risk value; and applying, to the code portion as the code portion is running on the controller, the selected IMV scheme.
展开▼
