Intel comes late to the game but will be delivering an embedded defense for Return Oriented Programming (ROP) types of cyber hacks.
The feature, to debut in the Tiger Lake microarchitecture in 2021 according to Intel, will be marketed as Control-Flow Enforcement Technology (CET) and is designed to disrupt a class of exploits that seek to leverage bits of code that are already trusted.
These ROP attacks use chunks of code from other software and cobble them together to create a malicious outcome. In the hacking world, it is similar to Frankenstein’s monster, where something grotesque is assembled from various innocent parts. ROP hacking techniques are great at evading detection and are therefore a favorite among the higher classes of skilled threat actors.
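To make the defense concrete, the following added example (not from this article or from Intel) is a toy C model of a shadow stack, one of the mechanisms CET uses, which the article itself does not detail. The structure, function names and addresses are hypothetical and constructed for illustration; real CET enforces this check in hardware.

```c
#include <stdint.h>
#include <stdio.h>

#define DEPTH 16

/* Toy CPU state: two copies of every return address. */
struct cpu {
    uint64_t stack[DEPTH];  int sp;   /* normal stack: reachable by memory-corruption bugs */
    uint64_t shadow[DEPTH]; int ssp;  /* shadow stack: written only by call, read only by ret */
};

/* call: push the return address on both stacks. */
static void do_call(struct cpu *c, uint64_t ret_addr) {
    c->stack[c->sp++] = ret_addr;
    c->shadow[c->ssp++] = ret_addr;
}

/* ret: pop both copies; a mismatch is a control-protection fault, not a jump. */
static int do_ret(struct cpu *c) {
    uint64_t from_stack = c->stack[--c->sp];
    uint64_t from_shadow = c->shadow[--c->ssp];
    return from_stack == from_shadow;   /* 1 = return allowed, 0 = fault */
}

/* Make `depth` nested calls, optionally overwrite one saved return address
 * (tamper_frame < 0 means none), then unwind. Returns how many returns
 * completed before a fault; equals `depth` when nothing was tampered with. */
int returns_before_fault(int depth, int tamper_frame) {
    struct cpu c = {0};
    int done = 0;
    if (depth < 0 || depth > DEPTH) return -1;
    for (int i = 0; i < depth; i++)
        do_call(&c, 0x401000u + 0x10u * (uint64_t)i);   /* constructed addresses */
    if (tamper_frame >= 0 && tamper_frame < depth)
        c.stack[tamper_frame] = 0x4141414141414141ULL;  /* constructed overwrite */
    while (c.sp > 0 && do_ret(&c))
        done++;
    return done;
}

int main(void) {
    printf("clean run:        %d of 4 returns\n", returns_before_fault(4, -1));
    printf("frame 1 tampered: %d of 4 returns\n", returns_before_fault(4, 1));
    return 0;
}
```

Execution stops at the first return whose two copies disagree, so a chain built from overwritten return addresses never gets its first hop.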
Embedding the CET feature into the hardware and firmware provides a few advantages over trying to mitigate these attacks solely at the operating system level.
First, there is the performance factor. Code that is specifically optimized by hardware moves significantly faster than traditional software components, so this should have much less of an impact on system performance. Second, depending upon how it is configured to run, the hardware can add additional protection features to reduce the chances it can be disabled, modified, or compromised by adversaries.
Unfortunately, that is not the whole picture, as there are potential drawbacks for embedding such designs lower in the system stack. Namely, if there is a vulnerability in the code, it could be very difficult to patch or correct. Let’s face it, Intel’s reputation is not the greatest as of late when it comes to dealing with vulnerabilities in their products.
Overall, I am excited at the prospect of disrupting ROP types of attacks. I fully expect the best and brightest hackers will work to find ways around the protections, but that takes time and resources. This is how the game is played. It is great when new technology takes the initiative to force the attackers to adapt.
The value of CET greatly depends on OS vendors’ adoption, on whether it has the right balance of hardened features, and on whether it runs efficiently enough that it does not overly burden system performance. Expect tests and reviews after Tiger Lake comes to market to determine whether it is simply a superficial marketing tactic or whether CET represents a robust capability to mitigate hacking risks.
Matthew Rosenquist is an industry-recognized pragmatic, passionate, and innovative strategic security expert with 28 years of experience. He thrives in challenging cybersecurity environments and in the face of ever shifting threats. A leader in identifying opportunities, driving industry change, and building mature security organizations, Matthew delivers capabilities for sustainable security postures. He has experience in protecting billions of dollars of corporate assets, consulting across industry verticals, understanding current and emerging risks, communicating opportunities, forging internal cooperation and executive buy-in, and developing practical strategies. Matthew is a trusted advisor, security expert, and evangelist for academia, businesses, and governments around the world. He is a public advocate for best practices and for communicating the risks and opportunities emerging in cybersecurity. He delivers engaging keynotes, speeches, interviews, and consulting sessions at conferences and to audiences around the globe. He has attracted a large social following of security peers, is an active member on advisory boards, and is quoted in news, magazines, and books. Matthew is a recognized industry expert, speaker, and leader who enjoys the pursuit of achieving optimal cybersecurity. Matthew Rosenquist is experienced in building world class teams and capabilities, managing security operations, evangelizing best practices to the market, developing security products, and improving corporate security services.