By Tom Garrison
The security of our customers’ data is a top priority at Intel. As part of Intel’s Security First Pledge, our engineers continue to deliver advancements to help safeguard our technology from evolving cyber-threats. It begins with designing and engineering security features into our products and continues in our work with the industry to move security innovation forward.
Today, we are announcing a new security capability. Intel® Control-Flow Enforcement Technology (Intel CET) will be first available on Intel’s upcoming mobile processor code-named “Tiger Lake.” Intel CET delivers CPU-level security capabilities to help protect against common malware attack methods that have been a challenge to mitigate with software alone.
Intel CET is designed to protect against the misuse of legitimate code through control-flow hijacking attacks – widely used techniques in large classes of malware. Intel CET offers software developers two key capabilities to help defend against control-flow hijacking malware: indirect branch tracking and shadow stack. Indirect branch tracking delivers indirect branch protection to defend against jump/call-oriented programming (JOP/COP) attack methods. Shadow stack delivers return address protection to help defend against return-oriented programming (ROP) attack methods. These types of attack methods are part of a class of malware referred to as memory safety issues, and include tactics such as the corruption of stack buffer overflow and use-after-free. For technical details, see A Technical Look at Intel’s Control-Flow Enforcement Technology.
According to TrendMicro’s Zero Day Initiative (ZDI), 63.2% of the 1,097 vulnerabilities disclosed by ZDI from 2019 to today were memory safety related. These malware types target operating systems (OS), browsers, readers and many other applications. It takes deep hardware integration at the foundation to deliver effective security features with minimal performance impact.
Intel was the first to tackle these complex security challenges, and we remain committed to working with the industry to drive security innovation. We recognized that scaling OS and application adoption to truly solve the problem would require industrywide collaboration. To accelerate adoption, we published the Intel CET specifications in 2016. Additionally, Intel and Microsoft have been working closely to prepare Windows 10 and developer tools so applications and the industry at large can offer better protection against control-flow hijacking threats.
“As more proactive protections are built into the Windows OS, attackers are shifting their efforts to exploit memory safety vulnerabilities by hijacking the integrity of the control flow,” said David Weston, director of Enterprise and OS Security at Microsoft. “As an opt-in feature in Windows 10, Microsoft has worked with Intel to offer hardware-enforced stack protection that builds on the extensive exploit protection built into Windows 10 to enforce code integrity as well as terminate any malicious code.”
Microsoft’s upcoming support for Intel CET in Windows 10 is called Hardware-enforced Stack Protection, and a preview of it is available today in Windows 10 Insider Previews. This new Hardware-enforced Stack Protection feature only works on chipsets with Intel CET instructions. It relies on a new CPU architecture that is compliant with Intel CET specifications. For applications running on an OS that supports Intel CET, users can expect detailed guidance from our partners on how applications “opt-in” for protection.
The significance of Intel CET is that it is built into the microarchitecture and available across the family of products with that core. While Intel vPro® platforms with Intel® Hardware Shield already meet and exceed the security requirements for Secured-core PCs, Intel CET further extends advanced threat protection capabilities. Intel CET is also expected to be available in future desktop and server platforms.
As our work here shows, hardware is the bedrock of any security solution. Security solutions rooted in hardware provide the greatest opportunity to provide security assurance against current and future threats. Intel hardware, and the added assurance and security innovation it brings, help to harden the layers of the stack that depend on it.
The security of our products is an ongoing priority, not a one-time event. Together with our partners and customers, we continue to build a more trusted foundation for all computing systems.
Tom Garrison is vice president of the Client Computing Group and general manager of Security Strategies and Initiatives (SSI) at Intel Corporation.