Control-Flow Enforcement Technology

Intel Control-Flow Enforcement Technology (CET) is a security feature included in some newer Intel processors. It is designed to help protect against certain types of malware attacks that exploit vulnerabilities in the control flow of programs.

Control flow refers to the order in which the instructions in a program are executed. Malware attacks can exploit vulnerabilities in the control flow of a program to bypass security measures and execute malicious code.

CET works by introducing two new hardware-based security features: Indirect Branch Tracking (IBT) and Shadow Stack (SS). IBT helps to prevent attacks that exploit indirect branches by tracking the origin of each branch and verifying that it is valid. SS provides a secure stack for storing return addresses, which helps to prevent attacks that exploit stack-based vulnerabilities.

Together, these features can help to improve the security of computer systems by protecting against a range of malware attacks, including those that use Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP) techniques.
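The two checks can be illustrated with a small software model in C. This is an added example, not Intel's code or code from the original page: the struct, function names and addresses are constructed for illustration, the shadow stack is modeled as a second copy of each return address compared on return, and IBT is modeled as requiring an ENDBR64 landing pad at the target of an indirect branch.

```c
#include <stdint.h>
#include <stdio.h>

#define DEPTH 16
enum cet_result { CET_OK, CET_CP_FAULT };   /* #CP: control-protection fault */
enum insn { INSN_OTHER, INSN_ENDBR64 };     /* ENDBR64 marks a valid landing pad */

struct cpu {
    uint64_t stack[DEPTH];   /* normal stack: ordinary writable memory */
    uint64_t shadow[DEPTH];  /* shadow stack: written only by CALL/RET */
    size_t sp, ssp;
};

/* CALL: push the return address onto both stacks. */
static enum cet_result sim_call(struct cpu *c, uint64_t ret_addr) {
    if (c->sp >= DEPTH || c->ssp >= DEPTH) return CET_CP_FAULT; /* model limit */
    c->stack[c->sp++] = ret_addr;
    c->shadow[c->ssp++] = ret_addr;
    return CET_OK;
}

/* RET: pop both copies; a mismatch means the normal stack was tampered with. */
static enum cet_result sim_ret(struct cpu *c, uint64_t *target) {
    if (c->sp == 0 || c->ssp == 0) return CET_CP_FAULT;
    uint64_t from_stack = c->stack[--c->sp], from_shadow = c->shadow[--c->ssp];
    if (from_stack != from_shadow) return CET_CP_FAULT;
    *target = from_stack;
    return CET_OK;
}

/* IBT: the instruction at an indirect CALL/JMP target must be ENDBR64. */
static enum cet_result sim_indirect_branch(const enum insn *code, size_t len, size_t target) {
    return (target < len && code[target] == INSN_ENDBR64) ? CET_OK : CET_CP_FAULT;
}

/* Constructed scenario: optionally corrupt the saved return address before RET. */
static enum cet_result run_return(int corrupt) {
    struct cpu c = {0};
    uint64_t target = 0;
    sim_call(&c, 0x401000);                       /* constructed address */
    if (corrupt) c.stack[c.sp - 1] = 0x41414141;  /* stand-in for a stack overwrite */
    return sim_ret(&c, &target);
}

int main(void) {
    const enum insn code[] = { INSN_ENDBR64, INSN_OTHER };
    printf("ret clean=%d corrupted=%d\n", run_return(0), run_return(1));
    printf("ibt pad=%d mid=%d\n", sim_indirect_branch(code, 2, 0), sim_indirect_branch(code, 2, 1));
    return 0;
}
```

In the model, a value of 1 corresponds to the control-protection fault that stops execution before the altered return address or the unmarked branch target is used.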

CET is an important security feature that can help to enhance the overall security and reliability of computer systems, particularly in business and enterprise environments where security threats are a significant concern.