Antimalware protection in Intel Tiger Lake chips

Antimalware protection in Intel Tiger Lake chips Cybersecurity

The security capabilities built into upcoming Intel Tiger Lake chips must thwart in-memory attacks. The security technology of the latest generation of Intel processors must make it possible to block the operation of malicious applications.

As tradition dictates, mobile devices will be the primary beneficiaries of Intel’s Tiger Lake processors. For at least two decades, the founder has been in the habit of delivering laptop chips before processors for office machines and servers. Server chips are last on the list because their architecture expands the core platform with server-oriented instructions. And it’s not enough to plug them in for them to work. Intel has made a lot of noise around the performance of Tiger Lake, saying that the performance of its embedded GPU would be comparable to that of a discrete GPU from Nvidia or AMD. We will have to wait for the testers’ opinion to verify it.

In terms of security, the big change expected with the Tiger Lake chips is the addition of Control-Flow Enforcement Technology (CET). Intel’s CET technology manages the order in which operations are executed inside the CPU. Malware can use vulnerabilities in other applications to hijack their control flow and insert malicious code into the application, so that the malware runs inside a valid application, making it very difficult to detect by software-based antivirus programs. These in-memory attacks differ from writing code to disk or requesting ransom via ransomware.

The preferred target memory of cyber hackers

According to the Zero Day Initiative of TrendMicro (ZDI) cited by Intel, 63.2% of the 1097 vulnerabilities revealed by the ZDI between 2019 and today have to do with memory security. “It takes deep hardware integration from design to implement effective security features while minimizing performance impact,” wrote Tom Garrison, vice president of Client Computing Group and general manager of strategies and security initiatives at Intel in a blog post announcing the products. “As our work shows, hardware is the basis of any security solution. Security solutions built into the hardware provide the best security assurance against the threats of today and tomorrow. Intel’s hardware, and the security and innovation it brings, helps strengthen the layers of the battery that depend on it, “said Garrison.

The CET protects the control flow by relying on two new security mechanisms: the phantom battery and indirect monitoring at branch level. The phantom stack makes a copy of the expected control flow of an application and stores it in a secure area of ​​the central unit to ensure that no unauthorized changes take place in the order in which the scheduled execution application. Malware works by diverting the intended execution order of an application, and the ghost stack therefore makes it possible to block malware. Indirect tracking at the branch level protects against two techniques called jump-oriented programming (JOP) and call-oriented programming (COP), where the malware abuses JMP (jump) or CALL instructions to divert the jump tables from one legitimate application.

Expected with the Xeon 2022

So when will we find Xeon chips with the CET function? The answer is simple: it’s not for tomorrow. Intel is preparing to release Cooper Lake, and there is no mention of CET in the information published by the founder. Cooper Lake is oriented towards AI and HPC. The CET will likely be integrated into the next generation of Xeon chips, and at Intel, the delivery schedule for this family of chips is not very fast. Generally, they are launched every two years. Intel is expected to launch Xeon chips based on the Ice Lake design later this year, while the Ice Lake chip has been available for desktop and portable machines since 2018. So be patient. But according to Intel, the technology should arrive in Xeon chips.

The first CET specification was delivered in 2016 by Intel, but the founder put it on hold to give developers time to adjust their applications for the CET. They will thus be able – including developers of Microsoft Windows and Linux operating systems – to support the CET instructions in order to offer the protection offered by CET. Intel worked with Microsoft to integrate CET into Windows 10. Microsoft’s support for CET in Windows 10 has been dubbed “Hardware-enforced Stack Protection”. An overview of this support is available today for Windows Insiders subscribers.

Source: www.lemondeinformatique.fr

Rate article