Control Flow Integrity (CFI)

Built for embedded performance, assuring runtime behavior

Karamba XGuard CFI:
Deterministic Validation
Of Memory Control Flow

Control Flow Integrity (CFI), is a widely understood concept, but prior to the development of Karamba XGuard, it was not successfully implemented in embedded systems.

Automatically created, Karamba's patented Control Flow Graph is monitored in runtime and validates forward and backward memory address jumps. Even if the code has memory vulnerabilities like buffer overflow, XGuard will not allow exploits.

Karamba CFI is applied on the OS and application levels and protects the function calls within all binaries, libraries and scripts, as well as within OS functions.

What makes Karamba's CFI stand out from previous products that used Control Flow Integrity is its patented low performance footprint, with less than 5% CPU overhead and 10% RAM consumption.

(In the following video, Karamba Security Cybersecurity Researcher Aviv Sinai demonstrates how CFI can stop remote code execution attacks)

Karamba XGuard CFI

XGuard CFI Advantages

ECU Protects Itself

Self-protection

Embedded security inside the image is isolated and always on. There are no updates required and it is not dependent on connectivity to the cloud.

Zero False Positives

Strong and Light

Fileless attacks are the new buzz with attackers. Karamba's patented CFI offers an unmatched level of protection with negligible performance impact.

Supports all ECUs

Unified Security

XGuard CFI protects executables on connected device hardware and is OS agnostic. You can seamlessly apply the same solution across your product portfolio as a base software tool. Karamba is also compliant with ISO, NIST, ETSI and other security standards.

See Why Our Security Solutions Win Awards

Figure

White Paper

What is autonomous security and how does it provide superior runtime integrity protection? In this white paper, we explain how deterministic methods harden the runtime environment to prevent system hacking.

Figure

Supported Platforms

Karamba’s XGuard features CFI, whitelisting, on-premise or cloud-based management, customizable reporting and forensics. Plus it’s easy to deploy, and supports almost any platform, build environment, and architecture.

Figure

XGuard One Pager

XGuard is OS agnostic, and compatible with a wide range of platforms out-of-the-box. The platform includes both an embedded agent and cloud-based monitoring.

Want to learn more?

Contact Us
Loc

Israel

24 HaNagar Street
Hod Hasharon
45277-13
Tel: +972 9 88 66 113

Loc

USA

41000 Woodward Ave
Building East, Suite 350
Bloomfield Hills, MI 48304
Tel: +1 833 4KARAMBA

Loc

Germany

Wasserburger
Landstr. 264, Munich
81827
Tel: +49 892 1547 7583