Intel's next-generation CPU for notebooks protects against "common malware attacks"?


Intel has borne the brunt of criticism for a series of side-channel vulnerabilities affecting its processors over the decades, namely Spectre and Meltdown, and in some cases for the subsequent software patches, which could adversely affect performance. As a partial response, Intel is working on hardware-level safeguards for future CPUs, and the first such implementations will arrive with Tiger Lake.

This new security feature is called Intel Control-Flow Enforcement Technology (CET). As the name implies, it is intended to prevent attackers from launching control-flow hijacking attacks. According to Intel, CET "helps protect against common malware attack methods that have been difficult to mitigate with software alone."

Intel provides a technical breakdown of the technology, but in layman's terms, CET is designed to plug security holes in the way the CPU handles data going to and from memory.

"As more proactive protections are built into the Windows OS, attackers are shifting their efforts to exploit memory safety vulnerabilities by hijacking the integrity of the control flow," said David Weston, director of enterprise and OS security at Microsoft. "As an opt-in feature of Windows 10, Microsoft is working with Intel to provide hardware-forced stack protection that enforces code integrity and terminates malicious code based on the extensive exploit protection built into Windows 10."

CET is part of the Tiger Lake microarchitecture, but support from the OS is also required. In Windows 10, CET support is called "Hardware-enforced Stack Protection" and is currently being tested in the Windows Insider program.

This is how well it works.

"How important is this?" said Intel, pointing to a Trend Micro report showing that of the 1,097 zero-day vulnerabilities disclosed from 2019 to date, nearly two-thirds were related to memory safety.

"These types of malware target operating systems (OS), browsers, readers, and many other applications. Effective security features with minimal performance impact require deep hardware integration at the foundation," Intel said.

Tiger Lake will be the first CPU series to feature CET, but it will not be the last. According to Intel, CET will also be included in future desktop and server platforms.
