Control Flow Integrity (CFI)
Built for embedded performance, assuring runtime behavior
Karamba XGuard CFI:
Of Memory Control Flow
Control Flow Integrity (CFI), is a widely understood concept, but prior to the development of Karamba XGuard, it was not successfully implemented in embedded systems.
Automatically created, Karamba's patented Control Flow Graph is monitored in runtime and validates forward and backward memory address jumps. Even if the code has memory vulnerabilities like buffer overflow, XGuard will not allow exploits.
Karamba CFI is applied on the OS and application levels and protects the function calls within all binaries, libraries and scripts, as well as within OS functions.
What makes Karamba's CFI stand out from previous products that used Control Flow Integrity is its patented low performance footprint, with less than 5% CPU overhead and 10% RAM consumption.
(In the following video, Karamba Security Cybersecurity Researcher Aviv Sinai demonstrates how CFI can stop remote code execution attacks)
XGuard CFI Advantages
See Why Our Security Solutions Win Awards
What is autonomous security and how does it provide superior runtime integrity protection? In this white paper, we explain how deterministic methods harden the runtime environment to prevent system hacking.
Karamba’s platform features CFI, whitelisting, on-premise or cloud-based management, customizable reporting and forensics. Plus it’s easy to deploy, and supports almost any platform, build environment, and architecture.
Runtime Integrity at a Glance
How does Karamba prevent hacking attempts? See a diagram of connected systems cybersecurity. Learn how Karamba eliminates the risks of false positives, performance drag, and security gaps.
Want to learn more?Contact Us
41000 Woodward Ave
Building East, Suite 350
Bloomfield Hills, MI 48304
Tel: +1 248-574-5171
24 HaNagar Street
Tel: +972 9 88 66 113
Landstr. 264, Munich
Tel: +49 151 1471 6088