Published in PC Hardware

Intel bakes malware protection onto its CPU

by on16 June 2020
Intel bakes malware protection onto its CPU


Control-Flow Enforcement Technology has been developed with Microsoft

Intel is baking some security into its CPUs that’s designed to thwart software exploits that execute malicious code on vulnerable computers.

Control-Flow Enforcement Technology, or CET, represents a fundamental change in the way processors execute instructions from applications such as Web browsers, email clients, or PDF readers.

Jointly developed by Intel and Microsoft, CET is designed to thwart a technique known as return-oriented programming (ROP), which hackers use to bypass anti-exploit measures software developers introduced about a decade ago. While Intel first published its implementation of CET in 2016, Tiger Lake CPU microarchitecture will be the first to include it.

For those not in the know, ROP  was the hackers answer to protections such as Executable Space Protection and address space layout randomisation, which made their way into Windows, macOS, and Linux a little less than two decades ago.

ROP attacks repurpose functions that benign applications or OS routines have already placed into a region of memory known as the stack. The “return” in ROP refers to use of the RET instruction that’s central to reordering the code flow.

CET changes the CPU by creating a control stack. This stack cannot be modified by attackers and doesn’t store any data. It stores the return addresses of the Lego bricks that are already in the stack. Because of this, even if an attacker has corrupted a return address in the data stack, the control stack retains the correct return address. The processor can detect this and halt execution.

CET also provides a host of additional protections, some of which thwart exploitation techniques known as jump-oriented programming and call-oriented programming, to name just two. ROP, however, is among the most interesting aspects of CET.

But Chipzilla’s history with built-in security functions has not been that great. Software Guard eXtension and its Converged Security and Management Engine have not exactly functioned as well as Intel hoped.

A steady stream of security flaws discovered in both CPU-resident features, has made them vulnerable to a variety of attacks over the years. The most recent SGX vulnerabilities were disclosed just last week.

Last modified on 16 June 2020
Rate this item
(0 votes)
Tagged under
More in this category: « Fusion dual and quad are 32nm Core i5 760 to launch in Q3 2010 »
back to top

Most popular - Processors

Latest comments

Read more about: