Intel announced today that its experimental CET security feature will be available for the first time on the upcoming Tiger Lake mobile CPUs.
Intel has been working on CET, which stands for Control-flow Enforcement Technology, since 2016, when it published the first version of the CET specification.
As its name implies, CET deals with "control flow", a technical term used to describe the order in which operations are performed within the CPU.
Malware running on a device can use vulnerabilities in other applications to hijack their control flow and insert its malicious code so that it runs within another application.
On the upcoming Tiger Lake mobile CPUs, Intel's CET will protect the control flow through two new security mechanisms, called shadow stack and indirect branch tracking.
Shadow stack refers to creating a copy of an application's intended control flow, storing that shadow stack in a secure area of the CPU, and using it to ensure that no unauthorized changes are made to the application's intended execution order.
Intel says the CET shadow stack will protect users from a technique called Return Oriented Programming (ROP), where malware abuses the RET (return) instruction to attach its malicious code to the application's legitimate control flow.
Indirect branch tracking, on the other hand, refers to restricting an application's ability to use CPU "jump tables", which are tables containing memory locations (re)used throughout an application's control flow, and adding extra protections around that use.
Intel says indirect branch tracking protects against two techniques called Jump Oriented Programming (JOP) and Call Oriented Programming (COP), where malware abuses JMP or CALL instructions to hijack the application's legitimate jump tables.
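A simplified software model of the two checks described above, written in C as an added illustration (it is not Intel's implementation and not code from the article). The structure, function names and addresses are constructed for the example, and the landing-site list stands in for the hardware's marking of valid indirect-branch targets.

```c
/* Toy model of the two CET checks (added illustration, not Intel's implementation). */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define DEPTH 16
typedef struct {
    uint64_t data[DEPTH];   /* ordinary stack: writable by the program, so a bug can corrupt it */
    uint64_t shadow[DEPTH]; /* shadow copy: written only by model_call() */
    size_t sp;
} cpu_model;

/* CALL: the return address is pushed to both stacks. */
bool model_call(cpu_model *c, uint64_t ret_addr) {
    if (c->sp == DEPTH) return false;            /* model stack full */
    c->data[c->sp] = c->shadow[c->sp] = ret_addr;
    c->sp++;
    return true;
}

/* RET: pop both copies; a mismatch stands in for the control-protection fault. */
bool model_ret(cpu_model *c, uint64_t *target) {
    if (c->sp == 0) return false;                /* nothing to return to */
    c->sp--;
    if (c->data[c->sp] != c->shadow[c->sp]) return false; /* return address was altered */
    *target = c->data[c->sp];
    return true;
}

/* Indirect JMP/CALL: allowed only when the destination is a marked landing site. */
bool model_indirect_branch(const uint64_t *landing, size_t n, uint64_t dest) {
    for (size_t i = 0; i < n; i++)
        if (landing[i] == dest) return true;
    return false;
}

int main(void) {
    cpu_model c = { .sp = 0 };
    uint64_t t = 0;
    const uint64_t landing[] = { 0x401000, 0x401200 }; /* constructed addresses */
    model_call(&c, 0x400123);
    printf("clean return allowed: %d\n", model_ret(&c, &t));
    model_call(&c, 0x400456);
    c.data[c.sp - 1] = 0x400999;                 /* simulated stack corruption */
    printf("tampered return allowed: %d\n", model_ret(&c, &t));
    printf("marked target allowed: %d\n", model_indirect_branch(landing, 2, 0x401200));
    printf("unmarked target allowed: %d\n", model_indirect_branch(landing, 2, 0x401203));
    return 0;
}
```

In the model, as in the description above, the ordinary stack can be overwritten but the shadow copy cannot, so the altered return address is rejected at the return rather than followed.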
Because Intel released the CET specification in 2016, software developers have had time to adapt their code for the first line of Intel processors to support it.
CET support has already been added to Glibc, and Microsoft has also added CET support to Windows Insiders, as a feature called Stack Protection.
All that is needed now is for Intel to release processors that support CET instructions, so that applications and operating systems can activate the support and opt in to the protection provided by CET.
CET is released today for Intel's mobile CPU series that uses the Tiger Lake microarchitecture, but the technology will also be available in desktop and server platforms, said Tom Garrison, vice president of the Client Computing Group and general manager of Security Strategies and Initiatives (SSI) at Intel Corporation.