Intel plans to kill ROP attacks at chip level

Tech-giant Intel has come up with a plan to defeat attacks that use return-oriented programming (ROP) to exploit memory vulnerabilities. The chip-level plan would block malware infections on computers at the processor level.


The new measures are described in a specification from Intel that sets out Control-flow Enforcement Technology (CET) and its attempt to defeat exploits that use ROP and jump-oriented programming (JOP).

CET aims to fill a gap in defensive capabilities against these two attack types, offering protection for applications and operating system kernels.

Attackers can use ROP and JOP to execute malicious code to bypass operating-system security measures, such as non-executable memory and code signing.

Baidu Patel, director of the platform security architecture and strategy team in Intel's Software and Services group, said, “ROP or JOP attacks are particularly hard to detect or prevent because the attacker uses existing code running from executable memory in a creative way to change program behaviour.”

"What makes it hard to detect or prevent ROP/JOP is the fact that the attacker uses existing code running from executable memory. Many software-based detection and prevention techniques have been developed and deployed with limited success," Patel added.

CET works by introducing a shadow stack – which only contains return addresses, is held in system RAM, and is protected by the CPU's memory management unit. These shadow stacks are isolated from the data stack and protected from tampering.

CET focuses on CALL and RETURN instructions: on a return, it compares the return address stored on the data stack with the copy held on the shadow stack. If the addresses don't match, an exception is flagged.
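The call/return check described above can be modelled in a few lines of C. This is an added example, not code from Intel's specification; the struct, function names and addresses are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define DEPTH 16

/* Toy model of one thread. All names here are hypothetical, not CET's own. */
struct cpu {
    uint64_t data[DEPTH];   /* data stack: writable by the program, so by memory bugs too */
    uint64_t shadow[DEPTH]; /* shadow stack: return addresses only, touched only by call/ret */
    size_t sp, ssp;         /* next free slot on each stack */
};

enum ret_status { RET_OK, RET_EXCEPTION, RET_UNDERFLOW };

/* CALL: the return address is pushed to both stacks. */
static int model_call(struct cpu *c, uint64_t ret_addr) {
    if (c->sp >= DEPTH || c->ssp >= DEPTH) return -1;
    c->data[c->sp++] = ret_addr;
    c->shadow[c->ssp++] = ret_addr;
    return 0;
}

/* RET: pop both copies and compare; a mismatch raises an exception
   instead of transferring control to the address from the data stack. */
static enum ret_status model_ret(struct cpu *c, uint64_t *target) {
    if (c->sp == 0 || c->ssp == 0) return RET_UNDERFLOW;
    uint64_t from_data = c->data[--c->sp];
    uint64_t from_shadow = c->shadow[--c->ssp];
    if (from_data != from_shadow) return RET_EXCEPTION;
    *target = from_data;
    return RET_OK;
}

/* Two nested calls; optionally a memory bug overwrites the innermost saved
   return address on the data stack (all addresses are constructed values). */
enum ret_status run_scenario(int corrupt) {
    struct cpu c = {0};
    uint64_t target = 0;
    model_call(&c, 0x401000);
    model_call(&c, 0x401050);
    if (corrupt) c.data[c.sp - 1] = 0x4141414141414141ULL;
    enum ret_status s = model_ret(&c, &target);
    return s != RET_OK ? s : model_ret(&c, &target);
}

int main(void) {
    printf("clean: %d, corrupted: %d\n", run_scenario(0), run_scenario(1));
    return 0;
}
```

In the model, as in the design the article describes, the overwritten address is never used as a jump target: the return fails at the comparison step.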

According to Patel, the CET spec is the culmination of techniques that Intel and Microsoft have jointly developed over the past 7 years, aimed at providing a comprehensive defense against ROP/JOP attacks.