No Sec knows that Confidential Compute is not the answer.
There are many common approaches to compute runtime protections such as SEHOP, ASLR, and DEP, and many more code security best practices which make it more difficult for any piece of code to take over a system, without knowing a precise attack signature, however these solutions and workarounds have issues and are difficult to maintain on systems.
—> Structured Exception Handler Overwrite Protection (SEHOP) attempts to make stack overflows harder to accomplish by checking to make sure that chains of exception handlers (interruptions) aren’t hijacked…but…
…still hackable, especially in Microsoft products.
—> Address Space Layout Randomization (ASLR) – moves pieces of programs around randomly in portions of memory in an attempt to make it harder for nefarious code segments to jump to some place in memory that they shouldn’t…but…
…old school technology.
—> Data Execution Prevention (DEP) – an attempt to prevent programs from executing in memory locations that should contain data and not code…but…
…prone to issues and software chaos.
NoSec Cybersecurity Consulting focus on advanced technologies and implementations, not cosmetic fixes to old school technology patterns.
We are against cybersecurity wastes and common IT acceptance. Lets help each other secure our digital future.