Abstract: The system security community has proposed a plethora of defense mechanisms that protect programs in the presence of vulnerabilities. Runtime monitors (e.g., CFI, CPI, ASLR, stack canaries, DEP, or diversity) detect security violations (e.g., control-flow hijacking, data corruption, or memory corruption) and terminate the process. Runtime monitors must be implemented efficiently for wide-spread adoption but their runtime data must be protected against adversarial access.