On June 16, Intel announced the addition of Control Flow Enforcement Technology (CET), a hardware-based protection against common malware, to their upcoming Tiger Lake mobile CPU.
Intel worked with Microsoft for about four years.
As described by Chipmaker CET in 2016, the hard-ware protection measure regulates the control flow of operations in the CPU. Often, malware writers interfere with the control flow of apps by entering malicious code and running one app across another.
CET restricts control flow intervention through two different modes: indirect brand tracking and shadow stack.
In indirect branch tracking, the app imposes some restrictions on the use of the CPU brand table. This is a method that transfers program control to another part of the same program or to another program.
Indirect branch tracking is protected by Jump Oriented Programming and Call Oriented Programming. These are the two most commonly used malware by malware writers to distort the control flow of applications.
In the case of the shadow stack, it is the mechanism that creates a duplicate control flow in an app and stores it in a safe place on the CPU from application code memory access.
Protects the Shadow stack from Return-Oriented Programming. This is a technology used by malware writers to hijack the intended code of flow of an app.
CPUs with CET only work with the support of the operating system. Microsoft has already included CET support in the Windows 10 2004 version. The release date of Tiger Lake architecture-based CPUs has not yet been announced by intel.
This is not the first time Intel has adopted a hardware-based approach to dealing with malware attacks. Previously they used baked SGX or Software Guard extension on their CPUs. However, it did not give the results the company had hoped for. When we launch CET we will be able to see how effective it is.