Intel on Monday announced that it will be offering a new security capability in the company’s upcoming mobile processor ‘Tiger Lake.’
The security layer dubbed as Intel Control-flow Enforcement Technology (CET) aims to protect CPUs against common malware attacks that have been a challenge to deal with software alone.
“Intel CET delivers CPU-level security capabilities to help protect against common malware attack methods that have been a challenge to mitigate with software alone,” said Tom Garrison, Vice President of the Client Computing Group and General Manager of Security Strategies and Initiatives (SSI) at Intel Corporation, in a Monday post.
Intel CET is designed to protect against the misuse of legitimate code through control-flow hijacking attacks, widely used techniques in large classes of malware.
The new security feature also offers software developers two key capabilities to help defend against control-flow hijacking malware: Indirect Branch Tracking (IBT) and Shadow Stack (SS).
Indirect branch tracking delivers indirect branch protection to defend against jump/call-oriented programming (JOP/COP) attack methods, while Shadow Stack delivers return address protection to help defend against return-oriented programming (ROP) attack methods.
“These types of attack methods are part of a class of malware referred to as memory-safety issues, and include tactics such as the corruption of stack buffer overflow and use-after-free,” Garrison added.
Intel has been working on CET since 2016 when it first published the first version of the CET specification. The chip maker’s upcoming mobile Tiger Lake CPUs will be the first to have hardware-based malware protection, which eventually will be available in future desktop and server platforms as well.
Intel has already been working closely with Microsoft to prepare Windows 10 and developer tools so applications and the industry at large can offer better protection against control-flow hijacking threats.
Microsoft’s upcoming support for Intel CET in Windows 10 is called Hardware-enforced Stack Protection, and a preview of it is available in Windows 10 Insider Previews.
“As more proactive protections are built into the Windows OS, attackers are shifting their efforts to exploit memory safety vulnerabilities by hijacking the integrity of the control flow,” said David Weston, director of Enterprise and OS Security at Microsoft.
“As an opt-in feature in Windows 10, Microsoft has worked with Intel to offer hardware-enforced stack protection that builds on the extensive exploit protection built into Windows 10 to enforce code integrity as well as terminate any malicious code.”
Intel points to a TrendMicro’s Zero Day Initiative (ZDI) report indicate that 63.2% of the 1,097 vulnerabilities from 2019 to today were memory safety-related.
“These malware types target operating systems (OS), browsers, readers and many other applications. It takes deep hardware integration at the foundation to deliver effective security features with minimal performance impact,” Intel says.
For technical details, you can read A Technical Look at Intel’s Control-Flow Enforcement Technology.