Hardware Shadow Stack: Intel CET
- intels cpu maintains intern a stack of return targets
- > compares upon return(if no match raises CP{control protection})
Intel CET: Control-Flow Integrity
- Indirect Branch Tracking
- > ENDBRANCH Instruktion looks if call/jump was valid
- > at start of functions
Hardware Performance Counters(HPC)
- collects statistics of branches, cache hits/misses etc.
HPC: POR detection
- ROP chain causes return prediction misses, that can be observed
- if number of misprediction is too much; rain alert
HPC: Rootkit Detection
- HPC does interrupts and gathers information
- compares interrupts and looks if there have been pointers outside the normal known modules
HPC: Side Channel Detection
- if there are to many misses of the cache then raise alert
ROP detection via Last Branch Record
- modern processors are able to record last branch target
- if the code fragment is to short; alert
- if return branch not on original call; alert
SMEP
Supervisor Mode EXECUTION Prevention
- prevents execution of user data in kernel mode
SMAP
Supervisor Mode ACCESS Prevention
- forbids to access user data in supervisor mode
Hardware Assisted Crypto
CPU can generate more random numbers then software
Hardware Memory Encryption
- RAM stored in plain text
- > cold boot leaks it
- Encrypt pages
- > key always in CPU
Pointer Bounds Check in Hardware
- Fat pointer may help against buffer overflow
- > data still could be overwritten
- create registers that store lower and upper bound
- > need compiler for it
HDD versus Flash storage deletion
HDD
- Have sectors in HDD; if sector is overwritten with random data several times it’s “deleted”
Flash
- we have Blocks
- if we overwrite block it isn’t overwritten
- also if we overwritte all sectors; also data not overwritten
-> overwriting several times might work might not
