Their planned “Tiger Lake” mobile processors will offer CPU-level malware protection features.
Tom Garrison is Intel’s VP & General Manager of Client Security Strategy and Initiatives.
Tom had this to say about the planned features:
“Intel CET is designed to protect against the misuse of legitimate code through control-flow hijacking attacks – widely used techniques in large classes of malware… Intel has been actively collaborating with Microsoft and other industry partners to address control-flow hijacking by using Intel’s CET technology to augment previous software-only control-flow integrity solutions.”
Specifically, Intel’s CET provides two new capabilities to help guard against control-flow hijacking malware: Indirect Branch Tracking (IBT) and Shadow Stack (SS). Together, these two features are designed to defeat malware that relies on ROP (Return-Oriented Programming), JOP (Jump-Oriented Programming) and COP (Call-Oriented Programming).
“The significance of Intel CET is that it is built into the microarchitecture and available across the family of products with that core… While Intel vPro platforms with Intel Hardware Shield already meet and exceed the security requirements for Secure-core PCs, Intel CET further extends advanced threat protection capabilities… when used properly by software, [it] is a big step in helping prevent exploits from hijacking the control-flow transfer instructions.”
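For CET to take effect, software has to opt in. On Linux, toolchains record that opt-in in the ELF `.note.gnu.property` section, and the following added example (not from Intel or the original article) parses that section's raw bytes and reports whether the IBT and Shadow Stack bits are set. It assumes a little-endian x86-64 binary; `cet_features` and `build_note` are illustrative names, and the sample note is constructed.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
FEATURE_1_IBT = 0x1    # Indirect Branch Tracking
FEATURE_1_SHSTK = 0x2  # Shadow Stack


def _align(n, a):
    return (n + a - 1) & ~(a - 1)


def cet_features(note_section, elf64=True):
    """Return {'ibt': bool, 'shstk': bool} from raw .note.gnu.property bytes."""
    align = 8 if elf64 else 4  # properties are padded to the ELF class word size
    feats, off = 0, 0
    while off + 12 <= len(note_section):
        namesz, descsz, ntype = struct.unpack_from("<III", note_section, off)
        name_off = off + 12
        desc_off = name_off + _align(namesz, 4)
        desc_end = desc_off + descsz
        if desc_end > len(note_section):
            raise ValueError("truncated note")
        name = note_section[name_off:name_off + namesz]
        if name == b"GNU\0" and ntype == NT_GNU_PROPERTY_TYPE_0:
            p = desc_off
            while p + 8 <= desc_end:  # walk the property array
                pr_type, pr_datasz = struct.unpack_from("<II", note_section, p)
                data_off = p + 8
                if data_off + pr_datasz > desc_end:
                    raise ValueError("truncated property")
                if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and pr_datasz == 4:
                    feats |= struct.unpack_from("<I", note_section, data_off)[0]
                p = data_off + _align(pr_datasz, align)
        off = _align(desc_end, align)
    return {"ibt": bool(feats & FEATURE_1_IBT),
            "shstk": bool(feats & FEATURE_1_SHSTK)}


def build_note(feature_bits):
    """Constructed sample: a 64-bit note section holding one feature property."""
    prop = struct.pack("<III", GNU_PROPERTY_X86_FEATURE_1_AND, 4, feature_bits)
    prop += b"\0" * 4  # pad the 4-byte value to 8-byte alignment
    header = struct.pack("<III", 4, len(prop), NT_GNU_PROPERTY_TYPE_0)
    return header + b"GNU\0" + prop


if __name__ == "__main__":
    print(cet_features(build_note(FEATURE_1_IBT | FEATURE_1_SHSTK)))
```

The linker ANDs these bits across every object it links, so a single object built without CET support clears the marking for the whole binary.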
As mentioned, the new capabilities will initially roll out for mobile processors, but the company has plans in the works to expand the microarchitecture into desktop and server platforms as well.
This is good news and we’re excited to see the hardware’s capabilities in action. Of course, it remains to be seen how effective the new protections will be, but industry experts are cautiously optimistic.