Jun 16, 2020 13:30:00

Intel introduces new technology 'CET' to protect against malware attacks at the chip level in next-generation mobile processor 'Tiger Lake'

Intel announced on June 15, 2020 that a new chip-level security feature, Control-Flow Enforcement Technology (CET) , will be installed in the next-generation mobile processor,

Tiger Lake . By providing security features at the chip level, CET can protect devices from malware attacks that are difficult to protect with software alone.

Intel CET Answers Call to Protect Against Common Malware Threats | Intel Newsroom
https://newsroom.intel.com/editorials/intel-cet-answers-call-protect-common-malware-threats/#gs.8ogtop

Intel brings novel CET technology to Tiger Lake mobile CPUs | ZDNet
https://www.zdnet.com/article/intel-brings-novel-cet-technology-to-tiger-lake-mobile-cpus/

Intel will soon bake anti-malware defenses directly into its CPUs | Ars Technica
https://arstechnica.com/information-technology/2020/06/intel-will-soon-bake-anti-malware-defenses-directly-into-its-cpus/

Malware running on the device may exploit vulnerabilities in other apps to take control of the CPU and execute malicious code. The

first preview specification was announced in 2016, CET said that it will provide a protection function that prevents the control flow of the CPU from being hijacked in order to prevent malicious code from being executed on the computer.

To prevent control flow hijacking, CET offers two protections: 'shadow stack' and 'indirect branch tracking.' The 'shadow stack' protects the device from return-oriented programming (ROP) attacks that abuse the return (RET) instruction, so a copy of the control flow intended by the application is made and stored in the shadow stack, which is a safe area of the CPU. However, it is a mechanism to prevent fraud in the execution order of the application.

In addition, 'indirect branch tracking' is a protection function that limits the functions of applications that use the CPU's jump table to prevent jump-oriented/call-oriented programming (JOP/COP) attacks that abuse branch instructions (jump instructions). I am.

On June 15, 2020, Intel announced that the next generation mobile processor 'Tiger Lake' will be the first processor available for CET. Tiger Lake is a processor based on the 10nm process node, and the products on board will be shipped in 2020.

by

Thomas Hawk

ROP attacks and JOP attacks change the behavior of programs by modifying the legitimate code that is allowed to execute, so it was difficult to detect and prevent by software. Intel claims that CET can detect anomalies and stop execution of malicious code by taking chip-level defenses to solve this problem.

'Because there are no effective software mitigations for ROP, CET is very effective at detecting and stopping this class of vulnerabilities,' said Alex Ionescu, vice president of engineering at security firm CrowdStrike . I commented.

In addition, Intel is working closely with Microsoft, and the CET-enabled feature Windows calls ` ` Hardware-enforced Stack Protection '' was added to Windows 10 Insider Previews at the time of writing the article. It is said that.

by Brian Klug