Abstract: An apparatus, method, and computer program product are provided for encrypting a function symbol with relocation. The apparatus includes a compiler module, a static linker module, and an encryptor module. The compiler module inserts sequences of instructions to decrypt function symbols to be randomized at runtime before indirect function calls. The compiler module inserts an instruction sequence at compile time to encrypt an operand register that receives a local function symbol in position-independent code (PIC), where a call or store instruction uses the register as an operand. The static linker module inserts an encoding section at link time. The encoding section includes two columns representing the sizes of function symbols in bits or bytes and the locations storing the function symbols to be encrypted at runtime. The encryptor module encrypts at runtime the function symbols whose sizes and stored memory locations are identified in the encoding section.

Abstract: An apparatus, method, and computer program product are provided for encrypting a function symbol with relocation. The apparatus includes a compiler module, a static linker module, and an encryptor module. The compiler module inserts sequences of instructions to decrypt function symbols to be randomized at runtime before indirect function calls. The compiler module inserts an instruction sequence at compile time to encrypt an operand register that receives a local function symbol in position-independent code (PIC), where a call or store instruction uses the register as an operand. The static linker module inserts an encoding section at link time. The encoding section includes two columns representing the sizes of function symbols in bits or bytes and the locations storing the function symbols to be encrypted at runtime. The encryptor module encrypts at runtime the function symbols whose sizes and stored memory locations are identified in the encoding section.

Abstract: Present disclosure provides the system and method for protecting the control-flow of a computer program against manipulation and leak of code pointers during program execution. The system includes a memory that a computer program is loaded onto and a processor which executes the computer program for protecting the control-flow of a program against manipulation and leak of code pointers during program execution. The method includes providing a shadow stack for each process and thread of the computer program in a thread local storage (TLS). Each code pointer is encrypted with the corresponding encryption key, the pair with a global key is encrypted, and reencryption of the code pointer at runtime is performed.