CET & Shadow Stack
👉 Overview
👀 What ?
Control-flow Enforcement Technology (CET) is a set of hardware-based security enhancements developed by Intel and designed to protect against common malicious exploit techniques. Shadow Stack is a key component of CET that helps prevent return-oriented programming (ROP) and jump-oriented programming (JOP) attacks.
🧐 Why ?
CET and Shadow Stack are significant as they address common vulnerabilities in the existing cybersecurity frameworks. They help protect systems against sophisticated cyberattacks, thereby enhancing overall system security. Today, with the escalating frequency and sophistication of cyber threats, these technologies are more critical than ever.
⛏️ How ?
To leverage CET and Shadow Stack, systems must have processors that support these technologies. Upgrading to a CET-enabled processor and enabling the feature in the BIOS are the first steps. Next, ensure your operating system and applications are CET-compatible. Microsoft has already announced CET support in Windows 10. Software must also be compiled with CET instructions to benefit from the hardware protection.
⏳ When ?
Intel first introduced CET and Shadow Stack in 2016. Since then, the number of systems and applications that support these technologies has been steadily increasing.
⚙️ Technical Explanations
Control-flow Enforcement Technology (CET) and Shadow Stack are advanced cybersecurity technologies developed by Intel to harden systems against malicious exploits.
CET is a hardware-based security mechanism that introduces a new CPU architecture capable of tracking the control flow of a program. Its purpose is to prevent control-flow hijacking, a widespread class of attack techniques that alter the execution path of a program. By monitoring a program's control flow, CET can detect and prevent these attacks, thereby enhancing the security of the system.
Shadow Stack, a key component of CET, is a dedicated stack that contains only return addresses. In computer programming, a stack is a data structure used to store information about the active subroutines of a program. A Shadow Stack stores only the return addresses of functions, separate from the traditional stack. This isolation makes it difficult for attackers to manipulate return addresses to carry out return-oriented programming (ROP) or jump-oriented programming (JOP) attacks. ROP and JOP are advanced techniques that execute malicious code by exploiting vulnerabilities in existing code. Keeping the return addresses in a dedicated Shadow Stack makes these attacks significantly harder to execute.
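The return-address check described above, as an added example that is not code from the original page or from Intel: a software model in which a call pushes the return address on both stacks and a return compares the two copies, reporting a fault on mismatch as the hardware does with a control-protection exception. The names `cpu_model`, `model_call`, `model_ret` and `run_scenario`, and all addresses, are constructed for illustration.

```c
/* Added example: a software model of the shadow-stack check, not real CET code. */
#include <stdint.h>
#include <stdio.h>
#define DEPTH 16
enum { RET_OK = 0, RET_CP_FAULT = 1, RET_UNDERFLOW = 2 };

typedef struct {
    uint64_t data[DEPTH];   /* normal stack slots: writable by any store */
    uint64_t shadow[DEPTH]; /* shadow stack: return addresses only */
    int sp, ssp;            /* next free slot on each stack */
} cpu_model;

/* CALL pushes the return address on both stacks; -1 if the model is full. */
int model_call(cpu_model *c, uint64_t ret_addr) {
    if (c->sp >= DEPTH || c->ssp >= DEPTH) return -1;
    c->data[c->sp++] = ret_addr;
    c->shadow[c->ssp++] = ret_addr;
    return 0;
}

/* RET pops both copies and compares them; a mismatch is the fault case. */
int model_ret(cpu_model *c, uint64_t *target) {
    if (c->sp == 0 || c->ssp == 0) return RET_UNDERFLOW;
    uint64_t from_data = c->data[--c->sp];
    uint64_t from_shadow = c->shadow[--c->ssp];
    if (from_data != from_shadow) return RET_CP_FAULT;
    *target = from_data;
    return RET_OK;
}

/* Two nested calls; corrupt_slot >= 0 models a memory-safety bug that overwrites
 * that saved return address on the normal stack only. Returns the last RET status. */
int run_scenario(int corrupt_slot, int *completed) {
    cpu_model c = {0};
    uint64_t target = 0;
    int status = RET_OK;
    model_call(&c, 0x401000);            /* constructed addresses */
    model_call(&c, 0x401080);
    if (corrupt_slot >= 0 && corrupt_slot < c.sp) c.data[corrupt_slot] = 0xdeadbeef;
    for (*completed = 0; c.sp > 0; ++*completed)
        if ((status = model_ret(&c, &target)) != RET_OK) break;
    return status;
}

int main(void) {
    int n, s = run_scenario(1, &n);
    printf("corrupted run: status=%d after %d clean returns\n", s, n);
    return 0;
}
```

Corrupting the outer frame (slot 0) instead lets the inner return complete and faults only when the tampered frame is reached.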
To leverage CET and Shadow Stack, systems must have processors that support these technologies. This involves upgrading to a CET-enabled processor and enabling the feature in the system's BIOS. Furthermore, the operating system and applications must be CET-compatible. For example, Microsoft has announced CET support in Windows 10. Additionally, software must be compiled with CET instructions to ensure it benefits from the hardware protection.
These technologies, introduced by Intel in 2016, have been increasingly adopted in systems and applications, given the escalating sophistication and frequency of cyber threats. As a result, CET and Shadow Stack represent critical advancements in cybersecurity, addressing common vulnerabilities and providing an added layer of security.