Intel is getting ready to launch a new security product that could dramatically reduce opportunities for hijacking. Called Intel Control-Flow Enforcement Technology (Intel CET), the product is designed to protect against the misuse of legitimate code through control-flow hijacking attacks. This technique is widely used in large classes of malware, and it’s been a challenge to mitigate the problem with software alone. Intel CET will offer CPU-level security capabilities from Intel’s upcoming mobile processer — code-named Tiger Lake — onwards.
As computer security has become more advanced, hackers have become more resourceful, increasingly finding ways to bypass protections – exploiting memory safety is one such way. Return Oriented Programming (also known as ROP) and Jump Oriented Programming (also known as JOP) in particular are popular with nefarious types. JOP or ROP attacks can be hard to detect or prevent because the attacker uses existing code running from executable memory in a creative way to change program behavior.
Intel CET offers software developers two main ways to help defend against control-flow hijacking malware: indirect branch tracking and shadow stack. Indirect branch tracking delivers indirect branch protection to defend against JOP attack methods, while shadow stack delivers return address protection to help defend against ROP attack methods. And again, it’s all built into the hardware, which means its better able to tackle threats at source than software.
Intel says that the product will eventually be available in future desktop and server platforms, but it’s already been working with Microsoft to integrate it with Windows 10. Microsoft’s upcoming support for Intel CET in Windows 10 will be called Hardware-enforced Stack Protection, and a preview of it is available today in Windows 10 Insider Previews.