Enlarge /. A mobile PC processor codenamed Tiger Lake. It will be the first CPU to offer a security feature known as control flow enforcement technology.
The history of hacking was largely a back and forth game in which attackers developed a technique to break through a system, defenders developed a countermeasure to prevent the technique, and hackers developed a new way to bypass system security. On Monday, Intel announced plans to bake a new parade directly into its CPUs to prevent software exploits from executing malicious code on vulnerable computers.
Control-Flow Enforcement Technology [CET] represents a fundamental change in the way processors execute instructions from applications such as web browsers, email clients or PDF readers. CET was jointly developed by Intel and Microsoft to thwart a technique known as return-oriented programming that hackers circumvent anti-exploit measures that software developers introduced about a decade ago. While Intel first released CET's implementation in 2016, the company announced on Monday that the Tiger Lake CPU microarchitecture would be the first to include it.
ROP, as return-oriented programming is usually called, was the reaction of software exploiters to protective measures such as executable space protection and randomization of the address space layout, which found their way into Windows, MacOS and Linux a little less than two decades ago. These safeguards are designed to significantly reduce the damage software exploits can do by making changes to system memory that prevent malicious code from executing. Even if a buffer overflow or other vulnerability was successfully fixed, the exploit only resulted in a system or application crash, not a serious system compromise.
With ROP, attackers could regain the highlands. Instead of using malicious code written by the attacker, ROP attacks use functions that benign applications or operating system routines have already stored in a memory area called a stack. The "return" in ROP refers to the use of the RET instruction, which is central to the reordering of the code flow.
Alex Ionescu, an experienced Windows security expert and technical director of security company CrowdStrike, likes to say that ROP uses the same Lego parts if a harmless program is like a building made of Lego blocks that were built in a specific order, but in a different order. ROP converts the building into a spaceship. The technique can bypass anti-malware protection by using memory-resident code that can already be executed.
CET introduces changes in the CPU that create a new batch called the control batch. This stack cannot be changed by attackers and does not save any data. It stores the return addresses of the Lego blocks that are already in the stack. For this reason, even if an attacker has damaged a return address in the data stack, the control stack maintains the correct return address. The processor can recognize this and stop execution.
"Because there is no effective software mitigation against ROP, CET will very effectively detect and stop this class of vulnerabilities," said Ionescu. "Previously, operating systems and security solutions had to guess or conclude that ROP had occurred, perform forensic analysis, or determine the payload / impact of the second-level exploit."
Not that CET is limited to defending against ROP. CET offers a variety of additional safeguards, some of which thwart exploitation techniques known as jump-oriented programming and call-oriented programming, to name just two. However, ROP is one of the most interesting aspects of MEZ.
Those who don't remember the past
Intel has other security features built into its CPUs that do less than excellent results. One of them is Intel SGX, short for Software Guard eXtension, which is supposed to work out impenetrable parts of the protected memory for security-relevant functions such as the creation of cryptographic keys. Another security add-on from Intel is the Converged Security and Management Engine or simply the Management Engine. It is a subsystem in Intel CPUs and chipsets that implements a variety of sensitive functions, including the firmware-based Trusted Platform Module for silicon-based encryption, the authentication of the UEFI BIOS firmware as well as Microsoft System Guard and BitLocker.
However, a steady stream of security holes discovered in both CPU resident functions has made them vulnerable to a variety of attacks over the years. The latest SGX vulnerabilities were only announced last week.
It's tempting to think that MEZ will be similarly easy to defeat, or worse, will expose users to hacks that would not have been possible if protection had not been added. However, Joseph Fitzpatrick, hardware hacker and researcher at SecuringHardware.com, says that his optimistic CET will perform better. He explained:
A clear difference that makes me less skeptical about these types of features than SGX or ME is that they both add security features rather than enhancing existing features. ME basically added a management level outside of the operating system. SGX adds operating modes that should not theoretically be manipulated by a malicious or compromised operating system. CET only adds mechanisms to prevent normal operations – returning to addresses outside the stack and jumping to and from the wrong places in the code – from completing successfully. If CET does not do its job, only normal operation is possible. The attacker is not granted access to other functions.
As soon as CET-capable CPUs are available, protection only works if the processor is running an operating system with the required support. Windows 10 version 2004 released last month offers this support. Intel still doesn't say when Tiger Lake CPUs will be released. While protection could offer defenders an important new tool, Ionescu and his colleague Yarden Shafir have already developed bypasses for it. Expect them to end up in real attacks within the decade.