Intel to Add Hardware-Based Malware Protection to Their CPUs


When it comes to protecting a computer against malware, most people rely on software alone. Intel has announced a CPU-based security capability, Control-Flow Enforcement Technology (Intel CET), that protects against malware using control-flow hijacking techniques; it will first ship in devices built on Intel's upcoming Tiger Lake mobile processors.


Intel CET

According to Intel, “Intel CET offers software developers two key capabilities to help defend against control-flow hijacking malware: indirect branch tracking and shadow stack. Indirect branch tracking delivers indirect branch protection to defend against jump/call-oriented programming (JOP/COP) attack methods. Shadow stack delivers return address protection to help defend against return-oriented programming (ROP) attack methods.”

Security Level

Control-flow hijacking is a prevalent class of attack in which malware corrupts memory (typically a saved return address or a function pointer) and then chains together snippets of code that already exist in the program, using return-, jump- or call-oriented programming. Because the attack reuses the legitimate code of an application such as a web browser rather than introducing new code of its own, traditional signature-based anti-virus software has little to detect.


To protect against these attacks, Intel CET has two key capabilities. The first, indirect branch tracking, targets jump- and call-oriented programming: an indirect jump or call may only land on an instruction the compiler has marked as a legitimate branch target (the ENDBRANCH instruction). If an attacker redirects an indirect branch into the middle of a function, where no such marker exists, the processor raises a control-protection fault instead of executing the gadget. The second, the shadow stack, keeps a processor-protected copy of every return address and refuses a return whose address on the ordinary stack no longer matches that copy.

CET was developed jointly by Intel and Microsoft and is designed primarily to thwart return-oriented programming (ROP), which attackers use to bypass the anti-exploit measures, such as non-executable memory (DEP/NX), that software developers introduced about a decade ago. Intel first published the CET specification in 2016; the Tiger Lake microarchitecture will be the first to implement it in silicon.

ROP, COP, JOP attacks

Indirect branch tracking (IBT) defends against attacks using jump- or call-oriented programming (JOP and COP), while the shadow stack (SS) protects against return-oriented programming (ROP).

Return-oriented programming (ROP), jump-oriented programming (JOP) and call-oriented programming (COP) are techniques adversaries use to bypass the exploit mitigations built into software and operating systems; Intel describes them as being used widely “in large classes of malware.”
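To make the two checks concrete, here is a software model of IBT and the shadow stack. It is an added example, not Intel's or Microsoft's code and not part of the original article: the real checks happen inside the CPU and end in a control-protection (#CP) exception. The ENDBR64/ENDBR32 byte encodings and the x86-64 instruction bytes are real; the addresses, the frame layout and the `CET_OK`/`CET_CP_FAULT` verdict codes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Software model of the two Intel CET checks (added illustration, not
 * Intel's or Microsoft's code). Real CET performs these checks in the CPU
 * and raises a control-protection (#CP) exception on failure. */

/* ---- Indirect branch tracking (IBT) ----
 * After an indirect CALL/JMP the CPU requires the very next instruction at
 * the target to be ENDBR64 (F3 0F 1E FA) or ENDBR32 (F3 0F 1E FB).
 * Anything else is a #CP fault, so a JOP/COP gadget that starts in the
 * middle of a function is rejected before it executes. */
static const uint8_t ENDBR64[4] = {0xF3, 0x0F, 0x1E, 0xFA};
static const uint8_t ENDBR32[4] = {0xF3, 0x0F, 0x1E, 0xFB};

/* Returns 1 if the bytes at `target` form a valid IBT landing pad. */
int ibt_target_ok(const uint8_t *target, size_t len)
{
    if (len < 4) return 0;
    return memcmp(target, ENDBR64, 4) == 0 || memcmp(target, ENDBR32, 4) == 0;
}

/* ---- Shadow stack (SS) ----
 * CALL pushes the return address on the normal stack AND on a shadow stack
 * that ordinary stores cannot reach. RET pops both and compares; a mismatch
 * means the return address in memory was overwritten (ROP) -> #CP. */
#define SS_DEPTH 64
typedef struct {
    uintptr_t entries[SS_DEPTH];
    size_t top;
} shadow_stack;

enum { CET_OK = 0, CET_CP_FAULT = -1 };   /* constructed verdict codes */

void ss_call(shadow_stack *ss, uintptr_t ret_addr)
{
    if (ss->top < SS_DEPTH) ss->entries[ss->top++] = ret_addr;
}

/* `stack_ret` is the return address read back from the writable data stack. */
int ss_ret(shadow_stack *ss, uintptr_t stack_ret)
{
    if (ss->top == 0) return CET_CP_FAULT;          /* shadow-stack underflow */
    uintptr_t expected = ss->entries[--ss->top];
    return expected == stack_ret ? CET_OK : CET_CP_FAULT;
}

/* ---- Worked scenarios on constructed addresses and bytes ---- */

/* ROP: the attacker overwrites the saved return address on the data stack
 * with a gadget address; the shadow-stack copy still holds the original,
 * so the RET is refused. Returns the CET verdict. */
int rop_scenario(void)
{
    shadow_stack ss = {{0}, 0};
    uintptr_t data_stack[2];                       /* constructed stack frame */
    const uintptr_t legit_ret = 0x401234;          /* assumed caller address */
    const uintptr_t gadget    = 0x401abc;          /* assumed "pop rdi; ret" */

    data_stack[0] = legit_ret;                     /* CALL pushes here ...   */
    ss_call(&ss, legit_ret);                       /* ... and on the SS      */

    data_stack[0] = gadget;                        /* buffer-overflow write  */
    return ss_ret(&ss, data_stack[0]);             /* RET: mismatch -> #CP   */
}

/* The same flow without tampering returns CET_OK. */
int benign_return_scenario(void)
{
    shadow_stack ss = {{0}, 0};
    const uintptr_t legit_ret = 0x401234;
    ss_call(&ss, legit_ret);
    return ss_ret(&ss, legit_ret);
}

/* JOP: a jump into the body of a function lands on an ordinary instruction,
 * not ENDBR, so IBT refuses it. Byte strings are constructed x86-64 code. */
int jop_scenario(void)
{
    /* function entry built with -fcf-protection: endbr64; push rbp; mov rbp,rsp */
    static const uint8_t fn_entry[] = {0xF3,0x0F,0x1E,0xFA, 0x55, 0x48,0x89,0xE5};
    /* gadget inside the function body: mov rax,[rdi]; jmp rax */
    static const uint8_t gadget[]   = {0x48,0x8B,0x07, 0xFF,0xE0};

    int entry_ok  = ibt_target_ok(fn_entry, sizeof fn_entry);   /* 1 */
    int gadget_ok = ibt_target_ok(gadget, sizeof gadget);       /* 0 */
    return entry_ok && !gadget_ok;      /* 1 when IBT behaves as modelled */
}

int main(void)
{
    printf("benign RET : %s\n", benign_return_scenario() == CET_OK ? "ok" : "#CP");
    printf("ROP RET    : %s\n", rop_scenario() == CET_OK ? "ok" : "#CP");
    printf("JOP target : %s\n", jop_scenario() ? "rejected" : "accepted");
    return 0;
}
```

The model shows why the two checks are complementary: the shadow stack only covers RET, so a JOP chain that never returns is invisible to it, and IBT only covers indirect CALL/JMP targets, so an overwritten return address passes it. On real hardware, IBT also depends on the compiler emitting ENDBR at every legitimate indirect target (for example GCC/Clang `-fcf-protection`), which is what the `fn_entry` bytes stand in for here.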
