Intel CET
Intel CET offers software developers two key capabilities to help defend against control-flow hijacking malware: indirect branch tracking and shadow stack. Indirect branch tracking delivers indirect branch protection to defend against jump/call-oriented programming (JOP/COP) attack methods. Shadow stack delivers return address protection to help defend against return-oriented programming (ROP) attack methods.
Security Level
This type of malware is often used to steal user data or to carry out other malicious actions. Traditional anti-virus software can’t detect it because it’s modifying the code of an application rather than attacking it directly.
Intel’s second key capability is called speculative execution. This technology allows the processor to predict what code will be executed next, and to take appropriate measures to protect itself from potential attacks. ..
Intel and Microsoft have jointly developed CET, a technique designed to thwart return-oriented programming (ROP). This will be the first time CET has been implemented on a microarchitecture.
ROP, COP, JOP attacks
The IBT defends against attacks using jump/call-oriented programming (JOP and COP), while the SS protects against return-oriented programming (ROP) attacks.
ROP and JOP are techniques used by adversaries to bypass software and operating systems’ built-in anti-malware protections. COP is a technique used by adversaries to bypass software and operating systems’ built-in anti-malware protections.
