Intel to add anti-malware tech to processors


NOP to ROP, JOP and COP with CET.

Chip giant Intel intends to add hardware protection against common malware attacks into its processors, work that is four years in gestation.

Intel Tiger Lake. Source: Intel.

Known as control-flow enforcement technology or CET, the protection measures target three types of attacks used by malware writers and can be enabled by software developers.

These include jump- and call-oriented programming (JOP and COP), which allow attackers to misuse existing code to jump to arbitrary memory addresses used by running programs and so change those programs' behaviour.

CET restricts JOP/COP attacks in software with indirect branch tracking (IBT), which prevents such arbitrary address jumping.

Another popular malware technique is return-oriented programming (ROP), in which attackers pervert the intended flow of code in a legitimate program and turn it to malicious actions.

ROP attacks are hard to detect, and target operating systems, web browsers and document and image reader apps.

Using CET, developers can program operating systems to create a Shadow Stack area that stores return memory addresses held in processors.

Because Shadow Stacks are protected against memory access by application code, they can't be modified.

CET will detect a mismatch between what's stored in the Shadow Stack and what's in the program's data stack, and will throw an exception to the operating system to prevent attacks.
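The Shadow Stack check described above, modelled in plain C as an added example (it is not Intel's or Microsoft's code and not part of the original article). It goes one step beyond the text by showing that a tampered return address is caught when that frame returns, not when it is overwritten; the struct, function names and addresses are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define DEPTH 8

/* Toy model of the mechanism, not real CET: all names are hypothetical. */
struct model_cpu {
    uint64_t data_stack[DEPTH];   /* ordinary stack, writable by application code */
    uint64_t shadow_stack[DEPTH]; /* written only by model_call() below */
    size_t sp, ssp;               /* next free slot in each stack */
};

/* CALL: the return address is pushed to both stacks. */
static int model_call(struct model_cpu *c, uint64_t ret_addr) {
    if (c->sp == DEPTH || c->ssp == DEPTH) return -1;
    c->data_stack[c->sp++] = ret_addr;
    c->shadow_stack[c->ssp++] = ret_addr;
    return 0;
}

/* RET: pop both copies; a mismatch stands for the exception raised to the OS. */
static int model_ret(struct model_cpu *c, uint64_t *target) {
    if (c->sp == 0 || c->ssp == 0) return -1;
    uint64_t from_data = c->data_stack[--c->sp];
    uint64_t from_shadow = c->shadow_stack[--c->ssp];
    if (from_data != from_shadow) return -1;
    *target = from_data;
    return 0;
}

/* Make three nested calls, overwrite one frame's return address on the data stack
 * (corrupt_frame < 0 leaves it intact), then unwind. Returns the clean returns made. */
int returns_before_fault(int corrupt_frame) {
    struct model_cpu c = {0};
    uint64_t target = 0;
    int done = 0;
    for (uint64_t i = 0; i < 3; i++)
        model_call(&c, 0x401000 + 0x10 * i);      /* constructed addresses */
    if (corrupt_frame >= 0 && corrupt_frame < 3)
        c.data_stack[corrupt_frame] = 0x41414141; /* constructed bogus value */
    while (done < 3 && model_ret(&c, &target) == 0)
        done++;
    return done;
}

int main(void) {
    for (int f = -1; f < 3; f++)
        printf("corrupt frame %d: %d clean returns\n", f, returns_before_fault(f));
    return 0;
}
```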

The new security features will appear in Intel's upcoming Tiger Lake mobile processor range, and Microsoft has added support for CET in Windows 10 Insider previews, calling it Hardware-enforced Stack Protect.

How effective CET will be remains to be seen.

Sounding a cautionary note when announcing the CET-enabled CPUs, Intel said that "no product or component can be absolutely secure".

CET is in its third revision since 2016.

Copyright © iTnews.com.au . All rights reserved.