Indirect branch tracking
Indirect branch tracking (IBT), also known as branch target identification (BTI), is a control flow integrity mechanism implemented on some Intel x86-64 and ARM-64 processors. IBT is designed to protect against computer security exploits that use indirect branch instructions to jump into code in unintended ways, such as return-oriented programming.
It creates a special "branch target" instructions that have no function other than to mark a location as a valid indirect branch target, with the processor capable of being put into a mode where it will raise an exception if an indirect branch is made to a location without a branch target instruction.
Implementations
[edit]On Intel processors, the technique is known as Indirect Branch Tracking (IBT), with the "end branch" instructions endbr32 and endbr64 acting as the branch target instructions for 32- and 64-bit mode respectively.[1][2] IBT is part of the Intel Control-Flow Enforcement Technology first released in the Tiger Lake generation of processors.[3]
The similar technology on ARM-64 processors is called Branch Target Identification (BTI), with the instruction, also called BTI, having three variants that make it check only for jumps, or function calls, or for both.[4][5]
References
[edit]- ^ Corbet, Jonathan (March 31, 2022). "Indirect branch tracking for Intel CPUs". lwn.net. Retrieved 2023-07-14.
- ^ "Indirect Branch Tracking - 006 - ID:655258 | 12th Generation Intel® Core™ Processors". edc.intel.com. Retrieved 2024-02-23.
- ^ "Intel brings novel CET technology to Tiger Lake mobile CPUs". ZDNET. Retrieved 2024-02-23.
- ^ "Documentation – Arm Developer". developer.arm.com. December 2021. Retrieved 2023-07-14.
- ^ "Documentation – Arm Developer". developer.arm.com. Retrieved 2024-02-23.
 | This computer security article is a stub. You can help Wikipedia by expanding it. |