Control Flow Integrity (CFI)
Built for embedded performance, assuring runtime behavior
Karamba XGuard CFI:
Deterministic Validation
Of Memory Control Flow
Control Flow Integrity (CFI), is a widely understood concept, but prior to the development of Karamba XGuard, it was not successfully implemented in embedded systems.
Automatically created, Karamba's patented Control Flow Graph is monitored in runtime and validates forward and backward memory address jumps. Even if the code has memory vulnerabilities like buffer overflow, XGuard will not allow exploits.
Karamba CFI is applied on the OS and application levels and protects the function calls within all binaries, libraries and scripts, as well as within OS functions.
What makes Karamba's CFI stand out from previous products that used Control Flow Integrity is its patented low performance footprint, with less than 5% CPU overhead and 10% RAM consumption.
(In the following video, Karamba Security Cybersecurity Researcher Aviv Sinai demonstrates how CFI can stop remote code execution attacks)
XGuard CFI Advantages
Self-protection
Embedded security inside the image is isolated and always on. There are no updates required and it is not dependent on connectivity to the cloud.
Strong and Light
Fileless attacks are the new buzz with attackers. Karamba's patented CFI offers an unmatched level of protection with negligible performance impact.
Unified Security
XGuard CFI protects executables on connected device hardware and is OS agnostic. You can seamlessly apply the same solution across your product portfolio as a base software tool. Karamba is also compliant with ISO, NIST, ETSI and other security standards.
See Why Our Security Solutions Win Awards
Want to learn more?
Contact Us
Israel
24 HaNagar Street
Hod Hasharon
45277-13
Tel: +972 9 88 66 113
USA
41000 Woodward Ave
Building East, Suite 350
Bloomfield Hills, MI 48304
Tel: +1 833 4KARAMBA
Germany
Wasserburger
Landstr. 264, Munich
81827
Tel: +49 892 1547 7583