The embodiment of the invention provides a
control flow integrity protection method and device, and the method comprises the steps of obtaining a
control flow diagram of a to-be-protected program, anddetermining all
indirect branch instructions and corresponding legal target addresses; inserting an
NOP instruction with
label information in front of each legal target address, pointing the jump target address of the corresponding
indirect branch instruction to the address where the
NOP instruction is located, and determining the
label information according to the address where the
indirect branch instruction is located, wherein the
NOP instruction is used for executing the skipped instruction after the
label information in the NOP instruction is verified to be consistent with the
source address of the indirect
branch instruction when the NOP instruction is used for executing the indirect
branch instruction. Due to the fact that the NOP instruction with the label information is insertedin front of each legal target address, different indirectly transferred legal target addresses can be distinguished, and fine-grained
control flow integrity protection is achieved. The invention is realized through the NOP instruction, the hardware overhead is small, the performance is not influenced, and the compatibility is better.