A new feature is heading to Intel’s Tiger Lake CPUs that may help to mitigate common malware attacks.
The feature is known as Intel Control-Flow Enforcement Technology (CET) and it will first become available in the aforementioned Tiger Lake CPUs.
The firm says that CET is designed to protect against the misuse of legitimate code through control-flow hijacking attacks. This protection is accomplished through two defensive capabilities: indirect branch tracking and shadow stack.
Indirect branch tracking helps defend against jump-oriented programming (JOP) and call-oriented programming (COP) attacks. Shadow stack defends against return-oriented programming (ROP) attacks.
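A toy software model of the two checks, added here as an illustration (it is not Intel's code and not from the original article): a return is allowed only if the stack copy of the return address matches the shadow-stack copy, and an indirect branch is allowed only if it lands on an ENDBR64 marker. All names, addresses and byte strings are constructed; on real hardware the CPU performs these checks itself.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the two CET checks; values are constructed for illustration. */
#define DEPTH 16
#define CP_FAULT UINT64_MAX      /* stands in for the control-protection fault */

typedef struct {
    uint64_t stack[DEPTH];       /* normal stack: reachable by a memory bug */
    uint64_t shadow[DEPTH];      /* shadow stack: ordinary stores cannot write it */
    size_t sp;
} cpu_t;

/* CALL pushes the return address onto both stacks. */
int cet_call(cpu_t *c, uint64_t ret_addr) {
    if (c->sp >= DEPTH) return -1;
    c->stack[c->sp] = ret_addr;
    c->shadow[c->sp] = ret_addr;
    c->sp++;
    return 0;
}

/* RET pops both copies and faults if they differ. */
uint64_t cet_ret(cpu_t *c) {
    if (c->sp == 0) return CP_FAULT;
    c->sp--;
    return c->stack[c->sp] == c->shadow[c->sp] ? c->stack[c->sp] : CP_FAULT;
}

/* IBT: an indirect CALL/JMP must land on an ENDBR64 instruction. */
static const uint8_t ENDBR64[4] = {0xF3, 0x0F, 0x1E, 0xFA};

int ibt_target_ok(const uint8_t *code, size_t len, size_t target) {
    return target <= len && len - target >= 4 &&
           memcmp(code + target, ENDBR64, 4) == 0;
}

/* Constructed scenario: a stack overwrite tries to redirect a return. */
uint64_t demo_overwritten_return(void) {
    cpu_t c = {0};
    cet_call(&c, 0x401000);
    c.stack[0] = 0x402abc;       /* simulated memory-corruption bug */
    return cet_ret(&c);          /* copies differ, so the return faults */
}

int main(void) {
    puts(demo_overwritten_return() == CP_FAULT ? "fault" : "allowed");
    return 0;
}
```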
Together these two capabilities help to defend against malware. Intel has explained the nitty-gritty of this solution and how CET addresses the various attack vectors being employed by cybercriminals. You can find that information here; alternatively, the image below gives a decent overview of how CET works.
“It relies on a new CPU architecture that is compliant with Intel CET specifications,” explained Intel.
“The significance of Intel CET is that it is built into the microarchitecture and available across the family of products with that core. While Intel vPro platforms with Intel Hardware Shield already meet and exceed the security requirements for Secured-core PCs, Intel CET further extends advanced threat protection capabilities. Intel CET is also expected to be available in future desktop and server platforms,” the firm added.
Intel added that security is not a one-time event and that it is an ongoing procedure.
This is a rather cool feature but we’ll have to see how it works out in the wild.
[Source – Intel]