hw-enforced Stack Protection, for once I appreciate Intel

DiTBho:
Anyone who knows me knows how much I deeply hate Intel for all the times they made me curse when I had to program their damned first, second, third and fourth generation x86 CPUs, so I hate everything, from the 8088, up to the i586.

However, for once I can say: congratulations! This time you-intel added something really useful (for security, which is never too much), and above all not obscenely twisted!

So, what do we have here?

Kernel-mode Hardware-enforced Stack Protection
a security feature that protects systems from stack buffer overflow attacks, where an attacker attempts to trigger arbitrary code execution by overflowing a buffer (temporary memory storage) on the stack (a data structure used to store a program's function calls and local variables).

During these attacks, the attacker attempts to overwrite the return address or control data to redirect the execution of a program to run malicious code of the attacker's choosing.

The technique of overwriting the return address or control data to redirect a program's execution flow is known as a Return-Oriented Programming (ROP) attack.

The Kernel-mode Hardware-enforced Stack Protection feature requires a special hardware-based temporary stack called Shadow Stacks to work that mirrors the standard stack used by the operating system, and the stack cannot be modified by any running applications.


* When a program's function is called, the return address is stored in both the normal stack and the Shadow Stack
* When the function returns, the Hardware-enforced Stack Protection feature checks if the return address from the primary stack matches the one stored on the Shadow Stack
* If the return addresses match, the function returns as expected, and the program execution continues normally
* If the return addresses do not match, this could indicate an attack, such as a stack buffer overflow or an ROP attack. When this happens, Windows will terminate the process to prevent the execution of malicious code
* ...Using Shadow Stacks, Hardware-enforced Stack Protection feature can mitigate attacks, thus protecting the system from vulnerabilities, including zero-days.
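
The call/return check listed in the post above, as a small software model. This is an added example, not part of the original post and not Intel's or Microsoft's code; the names (`sim_call`, `sim_ret`, `run_case`), the stack sizes, the filler input and the return address are all constructed for illustration, and termination is modelled as a return value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WORDS  16   /* size of each toy stack, in 64-bit words */
#define LOCALS 4    /* words reserved for the callee's local buffer */

enum outcome { RETURNED = 0, TERMINATED = 1 };

/* Toy machine. Program code may write stack[]; only sim_call/sim_ret
   (standing in for the CPU) ever touch shadow[]. Both grow downward. */
struct machine {
    uint64_t stack[WORDS], shadow[WORDS];
    size_t sp, ssp;
};

/* CALL: return address goes on both stacks; returns index of the local buffer. */
static size_t sim_call(struct machine *m, uint64_t ret_addr) {
    m->stack[--m->sp] = ret_addr;
    m->shadow[--m->ssp] = ret_addr;
    m->sp -= LOCALS;
    return m->sp;               /* stack[buf + LOCALS] is the return slot */
}

/* RET: pop both copies and compare; a mismatch ends the process. */
static enum outcome sim_ret(struct machine *m) {
    m->sp += LOCALS;
    uint64_t from_stack = m->stack[m->sp++];
    uint64_t from_shadow = m->shadow[m->ssp++];
    return from_stack == from_shadow ? RETURNED : TERMINATED;
}

/* Callee with the bug class from the post: copies n words into a
   LOCALS-word buffer without checking n. Input is constructed filler. */
static enum outcome run_case(size_t n) {
    struct machine m = { .sp = WORDS, .ssp = WORDS };
    uint64_t input[LOCALS + 1];
    for (size_t i = 0; i <= LOCALS; i++) input[i] = 0x4141414141414141ULL;
    if (n > LOCALS + 1) n = LOCALS + 1;      /* keep the model itself in bounds */
    size_t buf = sim_call(&m, 0x401000);     /* constructed return address */
    memcpy(&m.stack[buf], input, n * sizeof input[0]);
    return sim_ret(&m);
}

int main(void) {
    printf("copy fits buffer:    %s\n", run_case(LOCALS) ? "terminated" : "returned");
    printf("copy overruns by 1:  %s\n", run_case(LOCALS + 1) ? "terminated" : "returned");
    return 0;
}
```

The one-word overrun changes only the copy on the normal stack, so the comparison in `sim_ret` fails even though the shadow copy was never written by the callee.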

SiliconWizard:
Yep, I've seen that recently too. Something that has been overdue for decades. Good job! ;D


DiTBho:
@SiliconWizard
yup, I was thinking of you, or rather of your need for security on RISC-V.

On Intel it's advertised as "Intel Control-Flow Enforcement Technology (CET) technology", and it's only available on newer CPUs, but it's good to have!

I was just looking at some documentation, because... "unfortunately" I still have to deal with Intel servers, at this point I will ask the purchasing-office to only buy Intel CPUs that have this functionality!

Which is not even difficult to replicate on any other architectures, even OpenHardware things (softcore, etc)  :D

SiliconWizard:
I haven't dug deeply into Intel's feature yet. But it appears to be a "shadow stack", in other words, something that's meant to work transparently on existing code. The rationale and the goal are obvious, that's where the market is.
But in my case, I would go for something that doesn't act completely "transparently" on existing code. It would require explicit changes in how the code is compiled.
It's good to have the CPU mitigate a major hole in the way we've been using stacks for almost decades, but it would be better to change the way we use stacks. I think.

Zero999:

--- Quote from: SiliconWizard on November 08, 2023, 08:16:33 am ---But in my case, I would go for something that doesn't act completely "transparently" on existing code. It would require explicit changes in how the code is compiled.
It's good to have the CPU mitigate a major hole in the way we've been using stacks for almost decades, but it would be better to change the way we use stacks. I think.

--- End quote ---
How is it possible to do that, whilst maintaining backwards compatibility?
