Intel is Innovating to Stop Cyber Attacks

Intel, in partnership with Microsoft, has published a technology preview, showing how innovation in silicon architecture can help protect against advanced code-reuse attack techniques. This is an example of how brilliant minds across the industry can think long-term, to make great strides in addressing cybersecurity problems through improvements in hardware. Key components, such as the Central Processing Unit (CPU), play a pivotal role in computer security. The architecture in that chip defines the playing field where attackers attempt to victimize their targets by outmaneuvering defenders. Software is agile and strives to keep pace in the game against shifting threats. Advances in the silicon design can significantly change the rules, potentially giving defenders a significant advantage.

Code reuse attacks have been a longtime problem, dating back almost 20 years. It is only recently they have gained in popularity to become a favorite tactic used by the most advanced hackers to compromise applications, operating systems, and devices. Previously, the preferred method of making a computer follow your malicious desires was to inject code directly into memory to be run. This tactic has become progressively more difficult due to the introduction of several security features over the years. So now, savvy aggressors have turned to rely on code-reuse attacks like Return Oriented Programming (ROP) and Jump Oriented Programming (JOP) which allow for exploitation without code injection. According to Microsoft, almost all exploits discovered in recent years targeting their products have used ROP techniques.

The Frankenstein’s Monster of code attacks
The way it works is technically complex but not overly difficult to understand in concept. Programming code runs together, tightly in memory. It is like an unformatted novel where there is no punctuation or capitalization and all the words are pressed together to save space.

Attackers take advantage of this for their purposes. They analyze the available code, and use sections like a kidnapper might cut words from a newspaper to make a ransom note. They can make just about any story they like, by jumping from one part of the page to another.