Intel today announced a new CPU-level security capability known as Control-Flow Enforcement Technology (Intel CET) that offers protection against malware using control-flow hijacking attack methods on devices with Intel's future Tiger Lake mobile processors.
"Intel CET is designed to protect against the misuse of legitimate code through control-flow hijacking attacks–widely used techniques in large classes of malware," Intel VP & GM of Client Security Strategy and Initiatives Tom Garrison said.
"Intel has been actively collaborating with Microsoft and other industry partners to address control-flow hijacking by using Intel’s CET technology to augment the previous software-only control-flow integrity solutions," Intel Fellow, Client Computing Group, Baiju Patel added.
ROP, JOP, and COP attacks
Intel CET (tech spec available here) provides two new key capabilities to help guard against control-flow hijacking malware: Shadow Stack (SS) and Indirect Branch Tracking (IBT).
IBT defends against attacks using jump/call oriented programming (JOP and COP), while SS protects against return-oriented programming (ROP) attacks.
Return Oriented Programming (ROP), Jump Oriented Programming (JOP), and Call Oriented Programming (COP) are techniques used by adversaries to bypass software and operating systems' built-in anti-malware protections, techniques widely used "in large classes of malware."
Attacks using these techniques can be especially hard to detect or block since the malicious actors who employ them use already existing code from executable memory to change how a program behaves.
Source: Intel
As part of ROP attacks, the adversaries will use RET ( ..
Support the originator by clicking the read the rest link below.
