Patent classifications
G06F21/52
Method for control-flow integrity protection, apparatus, device and storage medium
Embodiments of the present disclosure provide a method for control-flow integrity protection, including: changing preset bits of all legal target addresses of a current indirect branch instruction in a control flow of a program to be protected to be the same; and rewriting preset bits of a current target address of the current indirect branch instruction to be the same as the preset bits of the legal target addresses, so that the program to be protected terminates when the current target address is tampered with. By changing the preset bits of all the legal target addresses of the current indirect branch instruction to be the same and rewriting the preset bits of the current target address to be consistent with the preset bits of the legal target addresses, traditional label comparison is replaced by the preset bit overlap operation, reducing performance overhead and improving attack defense efficiency.
METHOD FOR SECURING AN ELECTRONIC DEVICE
A method for securing the functioning of an electronic device, which comprises an electronic board and one or more peripheral units connected to or integrated with the electronic board, an integrated storage unit being provided on the electronic board, in which a management program is stored which, when executed, manages, by means of a set of management instructions, the functioning of the electronic board and of the peripheral units.
MONITORING UNIT AND METHOD FOR MONITORING THE RESOURCES BEING USED BY DRIVERS OF A DEVICE ACCESS DEVICE
A device access means for accessing fieldbus components of a fieldbus system is described. The device access means is installed in a host or host environment and includes a frame application as well as, bound into the frame application, at least one driver, which is designed to access at least one fieldbus component. Moreover, the device access means includes a monitoring unit, which is designed to register information concerning resources reserved by drivers and provided by the operating system of the host or host environment, and, upon detecting an abnormal temporal increase of resources reserved by drivers, to initiate at least one predetermined countermeasure.
Dynamic region based application operations
Techniques are disclosed for a hybrid undo/redo for text editing, where non-linear undo and redo operations are performed across dynamic regions in a document and linear undo and redo operations are performed within the dynamic regions in the document. In an example, the hybrid undo/redo may be achieved by maintaining respective region offset values for the dynamic regions created in a document by the edits made to the document. In operation, the respective region offset values associated with the dynamic regions can be used to negate or otherwise counteract the effect of edits made in the dynamic regions.
Systems and methods for electronic certification of e-commerce security badges
A method for managing secure processing of electronic payment transactions includes receiving a request submitted by a merchant computing system for a security verifier. The security verifier is to be displayed on an electronic display associated with the merchant computing system. A set of security credentials received from a security service provider is measured against a security threshold. When the set of security credentials meets the security threshold, a uniform resource locator (“URL”) is transmitted to the merchant computing system. The URL identifies the security verifier to be retrieved and displayed at the electronic display associated with the merchant computing system.
Detecting and preventing unauthorized command injection
Input data for an operating system command of an automation process is received. The operating system command is generated based on the received input data. The generated operating system command is parsed to identify one or more metrics. The identified one or more metrics are automatically evaluated to determine a security risk associated with the generated operating system command.
STACK PROTECTION
The present invention relates to a method for protecting a program in a computer system, the method comprising: when a subroutine of said program is called, pushing a return address on to a stack to start forming a stack frame; when pushing said return address, generating a checksum for said stack frame; each time a predetermined opcode is detected for said subroutine, updating said checksum according to an operand associated with said predetermined opcode; if the predetermined opcode is a pop opcode, in addition to said updating, determining whether the operand associated with said pop opcode is said return address; if it is determined that said operand is said return address, verifying said checksum before executing said predetermined opcode in order to detect an attack.
SECURELY EXECUTING SOFTWARE BASED ON CRYPTOGRAPHICALLY VERIFIED INSTRUCTIONS
Securely executing instructions of software on a computerized device by accessing a software of a computerized device, wherein the software includes a plurality of instructions and respective reference message authentication codes (MACs), generating a cryptographic key based at least in part on a key derivation function, wherein arguments of the key derivation function are based at least in part on a unique identifier of the computerized device and a value extended from a measurement of a content of the software of an extension mechanism of a platform configuration register of the computerized device, verifying an instruction of the plurality of instructions of the software based at least in part on the cryptographic key and a reference MAC of the respective reference MACs, and in response to verifying the instruction of the plurality of instructions of the software, executing the instruction.