Modern systems remain exposed to control-flow attacks such as Jump-Oriented Programming (JOP) and Return-Oriented Programming (ROP), as well as memory corruption vulnerabilities. Software defenses are often coarse-grained or computationally expensive, while existing hardware protections cover only limited classes of bugs. Enforcing context-aware policies at instruction granularity typically requires intrusive compiler or OS modifications, external metadata, or high runtime overhead, which complicates deployment and slows real workloads.
This CPU architecture integrates immutable tags for both instructions and data in registers and memory. During execution, hardware continuously compares these tags—along with explicit control-flow labels—to determine whether to permit or deny operations such as calls, returns, indirect jumps, and memory accesses. Tags can reside inline in binaries, in the instruction cache, or in protected memory. A modified compiler and operating system toolchain (e.g., LLVM with kernel extensions) automatically generates and manages tags. A reference implementation, STAR, demonstrates strong control-flow integrity and pointer validation with only a few percent performance overhead on FPGA prototypes, proving practical, fine-grained enforcement with negligible cost.
• Per-instruction, fine-grained enforcement that blocks ROP/JOP and bad pointer use
• Inline tag placement for fast lookup and cache locality
• Low measured overhead (~few percent on FPGA prototypes) suitable for production use
• Flexible tag storage options compatible with multiple instruction set architectures
• Hardware–software co-design with compiler/OS support for seamless integration
• Policy composability enabling simultaneous enforcement of access control, compartmentalization, and CFI
• United States – 63/650,898, Provisional, filed 05/22/2024, Converted
• United States – 19/216,713, Utility, filed 05/23/2025, Status: Filed
Prototype.
This technology is available for licensing.
Ideal for processor manufacturers, embedded system designers, and cybersecurity solution providers seeking scalable, low-overhead hardware protection against control-flow and memory integrity attacks.
FPGA prototype performance metrics and hardware-software integration details available upon request.