METHOD FOR CONTROL-FLOW INTEGRITY PROTECTION, APPARATUS, DEVICE AND STORAGE MEDIUM

摘要

Embodiments of the present invention provide a method for control-flow integrity protection, an apparatus, a device and a storage medium. The method includes: changing preset bits of all legal target addresses of a current indirect branch instruction in a control flow of a program to be protected to be same; and rewriting preset bits of a current target address of the current indirect branch instruction to be same as the preset bits of the legal target addresses, so that the program to be protected terminates when the current target address is tampered with. In the embodiments of the present invention, by changing the preset bits of all the legal target addresses of the current indirect branch instruction to be same and rewriting the preset bits of the current target address to be consistent with the preset bits of the legal target addresses, traditional label comparison is replaced by the preset bit overlap operation, reducing performance overhead and improving attack defense efficiency; and the program, when tampered with, terminates as an error in a target instruction triggers an abnormality, which realizes a fine-grained control-flow integrity protection and improves the security and reliability of control-flow integrity protection.