Intel's anti-malware CET technology to be included in Tiger Lake CPUs

CET is designed to prevent malicious programmes from altering the control flow of applications, Intel says

Intel announced on Monday that it will add its new anti-malware Control-flow Enforcement Technology (CET) to its upcoming Tiger Lake mobile CPUs.

The chipmaker has been working on the technology since 2016. It says CET protects control flow, the order in which operations are executed in the processor, and prevents malicious programmes from altering the control flow of other applications, such as web browsers, word processors and PDF readers.

Intel's upcoming Tiger Lake processors, which will be used in laptops under the Intel Core brand, will be the first family of processors to use the CET security feature, according to the company.

In future, the chipmaker will include CET in its server, desktop and vPro processors as part of the company's remote IT management platform.

Tom Garrison, Intel's vice president of the Client Computing Group, said in an online post that CET is a set of silicon-level instructions that provide protection against exploitation of legitimate code through control-flow hijacking attacks.

Such attacks are usually difficult to mitigate through software, which prompted Intel to develop the CET security feature.

According to Garrison, Intel CET will offer protection through two main capabilities: shadow stack and indirect branch tracking.

Shadow stack provides return address protection and helps to defend against return-oriented programming (ROP) attack methods, which hackers use to circumvent anti-exploit measures introduced by software developers a decade ago.

The indirect branch tracking technique provides protection against jump/call-oriented programming (JOP/COP) attack methods.

ROP and JOP/COP attack methods are commonly used by malware that exploits what are referred to as memory safety issues, and include tactics such as stack buffer overflow corruption and use-after-free.
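The two checks can be modelled in software to show what the processor enforces. The following is an added illustration, not Intel's or Microsoft's code: the toy `cpu` structure, the function names, the return address and the input values are constructed assumptions, and real CET performs these comparisons in hardware.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DEPTH 16
#define BUF 4                 /* words in the callee's local buffer */
#define RET_ADDR 0x401000u    /* constructed return address */
enum status { CET_OK = 0, CP_FAULT = 1 };   /* CP_FAULT models the #CP exception */

/* Toy CPU (hypothetical model): stacks grow down; only call/ret touch shadow[]. */
struct cpu { uint64_t data[DEPTH], shadow[DEPTH]; int sp, ssp; };
static void cpu_init(struct cpu *c) { memset(c, 0, sizeof *c); c->sp = c->ssp = DEPTH; }

/* CALL pushes the return address onto both stacks. */
static void cpu_call(struct cpu *c, uint64_t ret) {
    c->data[--c->sp] = ret;
    c->shadow[--c->ssp] = ret;
}

/* RET pops both copies and faults when the data-stack copy was changed. */
static enum status cpu_ret(struct cpu *c, uint64_t *target) {
    uint64_t d = c->data[c->sp++], s = c->shadow[c->ssp++];
    if (d != s) return CP_FAULT;
    *target = d;
    return CET_OK;
}

/* A callee that copies len words into its BUF-word local without a bounds check. */
static enum status run_callee(struct cpu *c, const uint64_t *in, int len, uint64_t *target) {
    cpu_call(c, RET_ADDR);
    c->sp -= BUF;                             /* locals sit just below the return address */
    for (int i = 0; i < len && c->sp + i < DEPTH; i++)
        c->data[c->sp + i] = in[i];           /* the bug: len is never compared with BUF */
    c->sp += BUF;
    return cpu_ret(c, target);
}

/* IBT: an indirect call or jump must land on an ENDBR64 instruction (F3 0F 1E FA). */
static enum status ibt_check(const uint8_t *code, size_t len, size_t target) {
    static const uint8_t endbr64[4] = { 0xF3, 0x0F, 0x1E, 0xFA };
    if (len < 4 || target > len - 4) return CP_FAULT;
    return memcmp(code + target, endbr64, 4) == 0 ? CET_OK : CP_FAULT;
}

int main(void) {
    struct cpu c; uint64_t t = 0, in[BUF + 1] = { 1, 2, 3, 4, 0x41414141 };  /* constructed input */
    const uint8_t code[] = { 0x90, 0xF3, 0x0F, 0x1E, 0xFA, 0xC3 };           /* nop; endbr64; ret */
    cpu_init(&c); printf("in-bounds copy: %d\n", run_callee(&c, in, BUF, &t));
    cpu_init(&c); printf("overlong copy:  %d\n", run_callee(&c, in, BUF + 1, &t));
    printf("endbr64: %d, elsewhere: %d\n", ibt_check(code, sizeof code, 1), ibt_check(code, sizeof code, 0));
    return 0;
}
```

In the model, the overlong copy changes only the data-stack copy of the return address, so the return faults instead of transferring control to the overwritten value.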

According to Garrison, Microsoft will provide support for Intel CET in the Windows 10 OS through the Hardware-enforced Stack Protection feature. A preview of this feature is available in Windows 10 Insider Previews.

While releasing the early preview of the feature in March, Microsoft said that it would help enforce strict management of the memory stack and enable apps to utilise the local CPU hardware to protect their code from attacks.

This new feature will work only on chipsets with Intel CET instructions, and will have "very minimal" impact on performance, according to Intel.

The semiconductor giant also said that it is working with many other software developers and compiler vendors to support CET technology.