As computer security has become more sophisticated over time, hackers have also become more creative in bypassing system security. One such approach is hijacking a program's control flow by exploiting memory-safety weaknesses to wreak havoc on a computer system. This technique is difficult to defend against with software alone and has therefore become increasingly popular among hackers looking to exploit weaknesses in system protections. However, Intel has developed a new on-chip security breakthrough called Intel Control-Flow Enforcement Technology (Intel CET) to stop malware attacks from hijacking the control flow of a CPU. Intel CET is meant to offer an added layer of defense against these types of attacks at the CPU level and will debut on the company’s upcoming Tiger Lake processors.
What makes these malware attacks so difficult to identify and prevent is that they reuse code already present in executable memory to change the behavior of the program to suit their own purpose. This is achieved through Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP) attacks, which hand control of the program's control flow to the hacker to do with as they wish.
Intel CET offers protection from each of these attacks by using two methods: indirect branch tracking and shadow stack. Software developers can use indirect branch tracking to protect each individual branch of their programs and prevent JOP attacks from jumping to arbitrary addresses in the program control flow. Similarly, shadow stack helps prevent ROP attacks by offering return address protection: return addresses are cross-checked between the real stack and the shadow stack.
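The two checks described above can be modeled in a few lines of C. This is an added illustration, not Intel's or Microsoft's code: the `struct cpu` model, the function names, the addresses and the sample code bytes are all constructed for the example, and the real checks are performed by the processor, not by software.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DEPTH 16
enum cet_result { CET_OK = 0, CET_CP_FAULT = 1 }; /* #CP: control-protection fault */

/* Toy CPU: the data stack is writable by the program, the shadow stack is not. */
struct cpu { uint64_t stack[DEPTH], shadow[DEPTH]; size_t sp, ssp; };

/* CALL pushes the return address on both stacks. */
static int model_call(struct cpu *c, uint64_t ret_addr) {
    if (c->sp == DEPTH || c->ssp == DEPTH) return -1;
    c->stack[c->sp++] = ret_addr;
    c->shadow[c->ssp++] = ret_addr;
    return 0;
}

/* RET pops both copies; a mismatch faults instead of transferring control. */
static enum cet_result model_ret(struct cpu *c, uint64_t *target) {
    if (c->sp == 0 || c->ssp == 0) return CET_CP_FAULT;
    uint64_t from_stack = c->stack[--c->sp];
    uint64_t from_shadow = c->shadow[--c->ssp];
    if (from_stack != from_shadow) return CET_CP_FAULT;
    *target = from_stack;
    return CET_OK;
}

/* Indirect branch tracking: an indirect CALL/JMP must land on ENDBR64. */
static const uint8_t ENDBR64[4] = {0xF3, 0x0F, 0x1E, 0xFA};
static enum cet_result model_indirect_branch(const uint8_t *code, size_t len, size_t target) {
    if (len < 4 || target > len - 4) return CET_CP_FAULT;
    for (size_t i = 0; i < 4; i++)
        if (code[target + i] != ENDBR64[i]) return CET_CP_FAULT;
    return CET_OK;
}

/* Constructed scenario: one call, then an optional overwrite of the saved address. */
static enum cet_result scenario_return(int corrupt) {
    struct cpu c = {0};
    uint64_t target = 0;
    model_call(&c, 0x401000);                  /* constructed return address */
    if (corrupt) c.stack[c.sp - 1] = 0x402abc; /* only the data-stack copy changes */
    return model_ret(&c, &target);
}

/* Constructed code bytes: endbr64; nop; nop; ret; nop; nop; ret */
static const uint8_t SAMPLE_CODE[] = {0xF3,0x0F,0x1E,0xFA,0x90,0x90,0xC3,0x90,0x90,0xC3};

int main(void) {
    printf("clean return: %d, corrupted return: %d\n", scenario_return(0), scenario_return(1));
    printf("branch to offset 0: %d, offset 4: %d\n",
           model_indirect_branch(SAMPLE_CODE, sizeof SAMPLE_CODE, 0),
           model_indirect_branch(SAMPLE_CODE, sizeof SAMPLE_CODE, 4));
    return 0;
}
```

In the model, a result of 1 means the transfer was refused: the overwritten return address no longer matches the shadow copy, and the branch into the middle of the function does not land on an `ENDBR64` marker.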
Microsoft and Intel have been working to integrate the new technology with Windows 10, and a preview of the support software called Hardware-enforced Stack Protection has been made available in the Windows 10 Insider Previews. Furthermore, Intel says we can expect the new technology to be available in desktop and server platforms soon.