Intel announced today that an upcoming CPU security technology, Control-Flow Enforcement (CET), will deploy for the first time on Tiger Lake CPUs, expected later this year. The new capability may include some ability to protect against attacks like Spectre and Meltdown, though Intel doesn’t directly mention it in any of the briefing material for today. We’ll touch more on that later in this article.
Intel describes CET as addressing “common malware attack methods that have been a challenge to mitigate with software alone.” Specifically, CET is intended to keep hackers from using a security technique known as return-oriented programming (ROP).
Over 15 years ago, AMD and Intel began introducing a feature known as Data Execution Prevention (DEP). DEP, which Windows supported beginning in 2004, prevents applications from taking advantage of buffer overruns to trick a machine into launching malicious code. In a buffer overrun attack, an attacker writes more data into a buffer than can fit, causing the buffer to “leak” into adjacent memory space. The next time the adjacent space is accessed, the code won’t be whatever the OS is expecting — it’ll be a malicious payload intended for some other purpose.
DEP prevented this attack method from working by marking user-addressable memory as non-executable. In response, black hats invented ROP. Instead of attempting to load malicious instructions into user-executable memory, return-oriented programming manipulates instructions already in an area of memory called the stack to perform malicious tasks. Intel CET will prevent malicious applications from hijacking control flow in this manner, through two principle mitigation techniques: Shadow stack and indirect branch tracking.
Shadow stack safeguards the original control flow of the memory stack by creating a second stack, called the control stack. The control stack stores the original memory addresses referenced in the memory stack and restores them to their default values if it detects they’ve changed. The shadow stack appears to act like a parity bit as far as the original memory address values are concerned. Because the shadow stack only stores addresses, the additional memory required is minimal.
The indirect branch tracking mechanism is intended to protect against jump-oriented programming and call-oriented programming. These two methods are similar to ROP, in that they attempt to manipulate otherwise-innocuous bits of software code (“gadgets”) in sequence. But the gadgets they target end in an indirect branch rather than a RET instruction (the term “return-oriented programming” takes its name from the fact that the targeted gadgets in the memory stack all end in a “Return” instruction).
As to whether CET can protect against Meltdown and Spectre? That headline has been making the rounds, but Intel didn’t claim this as a feature today. In the company’s original Meltdown and Spectre documentation, it noted that CET “greatly reduces the gadget space, increasing the difficulty of branch target injection attacks.”
Our guess is that while this will aid in defending against some types of attacks, it isn’t enough of a cover in and of itself for Intel to want to make a major issue of the capability — especially since the company is billing CET as stopping the most common types of malware, while we’ve never seen a single Spectre or Meltdown-based attack in the wild.
Windows 10 2004 supports Intel CET, to enable the capability as soon as Tiger Lake CPUs are available. CET, it should be emphasized, is not a security technology the same way that the Intel Management Engine or Intel Software Guard eXtensions are. Both IME and SGX are efforts to create a more secure hardware enclave or operating mode that’s essentially bolted on to an insecure CPU.
IME creates an execution enclave that the primary OS knows nothing about and SGX attempts to create data enclaves that even a corrupted OS can’t touch. CET, in contrast, just changes what happens when certain kinds of code are executed by the CPU. The impact of CET support should be more akin to DEP, where problems were rare and the software “just worked” for the vast majority of people.
One of the most common statements I’ve seen from end-users in the wake of Spectre, Meltdown, and all of the attacks that have followed is that Intel needs to start designing its chips with security in mind, first and foremost. CET wasn’t created in response to Spectre and Meltdown — Intel has been working on it for longer than those flaws have been known to exist — but it’s an example of how the company is improving its overall x86 security position. We’ll see if Rocket or Alder Lake build on what Tiger Lake brings to the table when those architectures become available over the next 18-24 months.
- Intel Shares PL1, PL2, and Tau Values on 10th Generation CPUs
- Intel Delays Broken 10nm Into 2019, Hires Jim Keller to Fix It
- Jim Keller, AMD’s Chief CPU Architect, Leaves the Company