Intel, in partnership with Microsoft, has published a technology preview, showing how innovation in silicon architecture can help protect against advanced code-reuse attack techniques. This is an example of how brilliant minds across the industry can think long term to address cybersecurity problems through improvements in hardware. Key components, such as the central processing unit, play a pivotal role in computer security. The architecture in that chip defines the playing field on which attackers attempt to victimize their targets by outmaneuvering defenders. Software is agile and strives to keep pace in the game against shifting threats. Advances in the silicon design can greatly alter the rules, potentially giving defenders a significant advantage.
Code-reuse attacks have been a longtime problem, dating back almost 20 years to the first return-into-libc exploits. Only recently have they become a favorite tactic of advanced attackers for compromising applications, operating systems, and devices. Previously, the preferred method of making a computer follow malicious instructions was to inject code directly into memory and jump to it. That tactic has become progressively more difficult as defenses have been added over the years, most importantly non-executable memory, which stops the processor from executing bytes the attacker wrote as data. Savvy aggressors have therefore turned to code-reuse attacks such as return-oriented programming (ROP) and jump-oriented programming (JOP), which achieve exploitation without injecting any code at all. According to Microsoft, almost all exploits discovered in recent years targeting their products have used ROP techniques.
The Frankenstein’s monster of code attacks
Code reuse is technically complex but not overly difficult to understand in concept. Machine code is packed tightly in memory, and on x86 instructions have variable length and no alignment requirement, so jumping into the middle of a byte sequence can yield a perfectly valid instruction stream the programmer never wrote. It is like an unformatted novel in which there is no punctuation or capitalization and all the words are pressed together to save space. Attackers take advantage of this. They analyze the available code and use sections of it as a kidnapper might cut words from a newspaper to make a ransom note. They can tell just about any story they like by jumping from one part of the page to another.
Instead of attempting to bypass the multitude of security controls necessary to inject their own malicious instructions into memory, ROP and JOP harvest short code snippets, called gadgets, from legitimate programs already in memory. Each gadget ends in an instruction that transfers control somewhere the attacker controls: a return (ROP), which takes its target from the corrupted stack, or an indirect jump or call (JOP), which takes its target from a register or memory location the attacker has overwritten. The technique stitches the gadgets together by jumping from one to the next, effectively bringing to life a new malware beast out of the victim's own code.
This tactic has several advantages. It is much stealthier than other techniques and thus more difficult to detect; it is more challenging to reconstruct after the fact in forensics, since no foreign code was ever written to memory; and, most important, it works on systems protected by security controls such as data execution prevention (DEP), the operating system's use of the processor's no-execute (NX) bit, and, given an information leak that reveals where code has been loaded, address space layout randomization (ASLR), to achieve the attacker's goal.
Innovation in Intel Architecture
The Control-flow Enforcement Technology (CET) specification published by Intel uses the fixed hardware architecture of the CPU to establish controls that help prevent and interfere with code-reuse attacks. It puts two structures in place to protect against the misuse of legitimate code: a shadow stack, a protected copy of every return address that the processor compares against the return address on the ordinary stack when a return executes, so a tampered return is detected; and indirect branch tracking, which requires every indirect jump or call to land on a new ENDBRANCH marker instruction placed at legitimate branch targets, so control cannot be steered into the middle of a function. Baiju Patel, a Senior Principal Engineer for Intel, provides a technical overview in his blog.
CET acts like an editor adding punctuation to the unstructured novel to form coherent sentences. It shows the reader where to start, how to apply emphasis, and when a complete idea ends. Consider a family story with a roomful of hungry children shouting "let's eat, Grandma!" That's far different from a darker interpretation of the children shouting "let's eat Grandma!" One missing comma, a simple marker, changes the entire situation. In the same way, the subtle improvements of CET can have a significant impact on cybersecurity. If attackers try to jump somewhere in the code they should not, or return to an address that does not match the shadow stack, the processor raises a control-protection fault and the operating system can terminate the program before the gadget runs. Such a fundamental control, which must exist within the hardware beneath the software layer, can make a tremendous difference in stemming the success of code-reuse attacks.
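To make the gadget-chaining described above and the two CET checks concrete, here is an added example that is not Intel's code and not from this page or the CET specification: a toy CPU whose instruction set, program, stack layout and attacker inputs are all invented for illustration. Only the enforcement rules follow the CET idea: every CALL also pushes the return address onto a shadow stack that ordinary stores cannot reach, every RET compares the two, and every indirect call must land on an ENDBR marker. The program has a helper with an unchecked copy into a stack buffer; one constructed input builds a ROP chain that computes r0 = 42 out of two gadgets, another overwrites a callback pointer to enter the middle of a function (a JOP-style hijack). The function and constant names (run_program, ROP_CHAIN, JOP_PTR, BENIGN) are mine.

```c
/* Added example (not Intel's code): a toy CPU that models the two CET mechanisms,
 * a shadow stack for RET and ENDBR-style indirect-branch tracking, and runs a
 * constructed ROP chain and a constructed function-pointer hijack against a
 * program with an unchecked copy. ISA, program and inputs are invented. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum op { ENDBR, CALL, RET, ADD_R0, ENTER, LEAVE, SETCB, OVERFLOW, CALL_IND, HALT };
enum status { HALTED, ERR_SHADOW, ERR_ENDBR, ERR_FAULT };
struct insn { enum op op; int imm; };
struct outcome { enum status status; uint32_t r0; };

#define NSTACK 16

/* helper() keeps buf[2] and a callback pointer cb in its frame (stack grows down,
 * so an over-long copy into buf runs upward into cb and the saved return address). */
static const struct insn program[] = {
    /*  0 */ {CALL, 10},    /* main: helper() */
    /*  1 */ {HALT, 0},
    /*  2 */ {ENDBR, 0},    /* inc():   r0 += 1  (the intended callback) */
    /*  3 */ {ADD_R0, 1},
    /*  4 */ {RET, 0},
    /*  5 */ {ENDBR, 0},    /* add40(): r0 += 40 */
    /*  6 */ {ADD_R0, 40},  /*   gadget A when entered here, past the ENDBR */
    /*  7 */ {RET, 0},
    /*  8 */ {ADD_R0, 2},   /* tail of some other function: gadget B */
    /*  9 */ {RET, 0},
    /* 10 */ {ENDBR, 0},    /* helper(): */
    /* 11 */ {ENTER, 3},    /*   frame = buf[0], buf[1], cb */
    /* 12 */ {SETCB, 2},    /*   cb = inc */
    /* 13 */ {OVERFLOW, 0}, /*   memcpy(buf, input, n words) with no bounds check */
    /* 14 */ {CALL_IND, 0}, /*   cb() */
    /* 15 */ {LEAVE, 3},
    /* 16 */ {RET, 0},
};
#define NCODE ((int)(sizeof program / sizeof program[0]))

/* Constructed attacker inputs. Slot layout after ENTER: buf[0], buf[1], cb, ret. */
const uint32_t BENIGN[]    = {7, 7};            /* fits the buffer */
const uint32_t ROP_CHAIN[] = {7, 7, 5, 8, 1};   /* cb=add40 entry, ret->gadget B, then HALT */
const uint32_t JOP_PTR[]   = {7, 7, 6};         /* cb -> middle of add40 (gadget A) */

struct outcome run_program(int cet, const uint32_t *input, int n)
{
    uint32_t stack[NSTACK] = {0}, shadow[NSTACK] = {0};
    int sp = NSTACK - 4, ssp = 0, pc = 0;     /* main's frame owns the top 4 slots */
    struct outcome out = {ERR_FAULT, 0};
    for (int steps = 0; steps < 1000; steps++) {
        if (pc < 0 || pc >= NCODE) return out;
        struct insn i = program[pc];
        uint32_t target;
        switch (i.op) {
        case ENDBR:  pc++; break;                 /* landing pad: behaves as a no-op */
        case HALT:   out.status = HALTED; return out;
        case ADD_R0: out.r0 += (uint32_t)i.imm; pc++; break;
        case ENTER:  sp -= i.imm; pc++; break;
        case LEAVE:  sp += i.imm; pc++; break;
        case SETCB:  stack[sp + 2] = (uint32_t)i.imm; pc++; break;
        case OVERFLOW:
            if (sp + n > NSTACK) return out;      /* would run off the simulated stack */
            memcpy(&stack[sp], input, (size_t)n * sizeof input[0]);
            pc++; break;
        case CALL:
        case CALL_IND:
            target = (i.op == CALL) ? (uint32_t)i.imm : stack[sp + 2];
            /* Indirect-branch tracking: an indirect call/jump may only land on ENDBR. */
            if (cet && i.op == CALL_IND &&
                (target >= (uint32_t)NCODE || program[target].op != ENDBR)) {
                out.status = ERR_ENDBR; return out;
            }
            if (sp == 0 || ssp == NSTACK) return out;
            stack[--sp] = (uint32_t)pc + 1;             /* return address, attacker-writable */
            if (cet) shadow[ssp++] = (uint32_t)pc + 1;  /* copy only CALL/RET can touch */
            pc = (int)target; break;
        case RET:
            if (sp >= NSTACK) return out;
            target = stack[sp++];
            /* Shadow stack: the address popped from memory must match the protected copy. */
            if (cet && (ssp == 0 || target != shadow[--ssp])) {
                out.status = ERR_SHADOW; return out;
            }
            pc = (int)target; break;
        }
    }
    return out;
}

int main(void)
{
    static const char *name[] = {"halted", "shadow-stack mismatch", "missing ENDBR", "fault"};
    struct { const char *label; const uint32_t *in; int n; } cases[] = {
        {"benign", BENIGN, 2}, {"ROP chain", ROP_CHAIN, 5}, {"JOP pointer", JOP_PTR, 3}};
    for (int c = 0; c < 3; c++)
        for (int cet = 0; cet <= 1; cet++) {
            struct outcome o = run_program(cet, cases[c].in, cases[c].n);
            printf("%-12s cet=%d -> %-22s r0=%u\n", cases[c].label, cet, name[o.status], o.r0);
        }
    return 0;
}
```

Without enforcement the ROP chain halts cleanly with r0 = 42, a value no function in the program computes, and the pointer hijack enters add40 one instruction past its entry. With enforcement the hijack is stopped at the indirect call because slot 6 carries no ENDBR, and the ROP chain is stopped at helper's RET because the overwritten return address 8 does not match the shadow copy. Note what the toy also shows: the chain's first step, calling the whole of add40 through the corrupted pointer, is allowed, because add40's entry is a legitimate branch target. CET constrains control flow to function entries and matching returns; it does not by itself decide which function a corrupted pointer may name, which is why it complements rather than replaces the software defenses the page lists.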
The complete Control-flow Enforcement Technology Preview can be downloaded from Intel. Intel welcomes industry input on the technical specification, but I don’t recommend mentioning Grandma.
The bigger story is better security
Computer security is getting tougher. More devices, software, and uses create a larger landscape for attackers to flourish. Adversaries have too much maneuvering room to evade or bypass protective measures. What is needed, in addition to secure software, are changes to the very foundations of computing architectures to better support security and purposefully limit what attackers can easily accomplish. Hardware becomes an important factor.
Now is the time to aggressively stem the impact of cyber threats across applications, operating systems, and devices. Collaboration across the industry is needed to develop long-lasting capabilities that make computing safer. Key partnerships, such as the one between Intel and Microsoft, are working to find security solutions that will be compatible with future operating systems, services, and applications.
Intel is driving innovation to change the computing playing field, empower stronger operating systems, assist security software, and give the advantage to the defenders. Intel's best and brightest engineers are concentrating on Intel Architecture features that make systems more secure. CET is but one example. The brilliant minds at Intel are renowned for making silicon do the impossible, and the challenges of cybersecurity are in their sights.