There’s no way to make a computer completely malware-proof. However, the closer malware protections are to its central processor, the more secure it generally is. As such, integrating those safeguards into the chip itself can help fend off many different cyberattacks. That’s exactly what Intel is doing with its forthcoming Tiger Lake processors.
The chipmaker announced on Monday that its experimental feature called Intel Control-Flow Enforcement Technology (CET) will be found in its latest mobile processor lineup.
Malware comes in all shapes and sizes, and cybercriminals don’t hesitate to keep exploiting the same weaknesses once they are found. Sometimes, a problem can be patched with a software update. Other times, doing so is much more challenging. That’s the case for control-flow hijacking attacks. The technique is widely used in multiple classes of malware and thus is a major problem for the cybersecurity world.
Unfortunately, addressing the problem with software alone has proven to be ineffective. Intel’s move to address it in hardware is a notable solution.
In a press release, Intel says, “These malware types target operating systems (OS), browsers, readers and many other applications. It takes deep hardware integration at the foundation to deliver effective security features with minimal performance impact.”
While the feature is just now arriving, Intel has been working on CET since 2016. As the name suggests, the technology deals with a program’s control flow: the order in which operations are carried out inside the CPU.
Intel notes that CET will be included with every chip built on its 10nm Tiger Lake microarchitecture. It also says that CET will eventually be included in future desktop and server platforms. Exactly when that will occur remains unknown.
Ready for Action
At first glance, it might seem like Intel’s new security protections will be difficult to implement. However, since the company has been working on CET for more than four years, developers have had sufficient time to prepare.
That means that most major platforms are either ready or almost ready to support the feature. Microsoft has added support for Windows Insiders through a feature called Hardware-enforced Stack Protection. That will allow the feature to be included in future Windows 10 updates for devices that have the right chipset.
David Weston, Microsoft’s director of enterprise and OS security, says, “As an opt-in feature in Windows 10, Microsoft has worked with Intel to offer hardware-enforced stack protection that builds on the extensive exploit protection built into Windows 10 to enforce code integrity as well as terminate any malicious code.”
The only thing left for Intel to do before CET can start doing its job is to ship CPUs that are built on its Tiger Lake microarchitecture. From there, app and operating system developers will be able to activate support for the security protection and allow users to opt in to it.