JITSafe: a framework against Just-in-time spraying attacks

A new code-reuse attack, named Just-in-time (JIT) spraying attack, leverages the predictable generated JIT compiled code to launch an attack. It can circumvent the defenses such as data execution prevention and address space layout randomisation built-in in the modern operation system, which were th...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IET information security Jg. 7; H. 4; S. 283 - 292
Hauptverfasser: Chen, Ping, Wu, Rui, Mao, Bing
Format: Journal Article
Sprache:Englisch
Veröffentlicht: Stevenage The Institution of Engineering and Technology 01.12.2013
IET
John Wiley & Sons, Inc
Schlagworte:
address space layout randomisation
Applied sciences
Barriers
code injection attacks
code‐reuse attack
Computer information security
Computer science; control theory; systems
Construction
Construction equipment
data execution prevention
Exact sciences and technology
invasive software
JIT compiled code time window
JITSafe
JIT‐based VMs
just‐in‐time spraying attacks
Memory and file management (including protection and security)
Memory organisation. Data processing
Operating systems
operating systems (computers)
operation system
performance overhead
Software
Spraying
Virtual environments
Windows (intervals)
address space layout randomisation
operation system
JIT-based VMs
performance overhead
invasive software
JIT compiled code time window
just-in-time spraying attacks
code-reuse attack
JITSafe
operating systems (computers)
data execution prevention
code injection attacks
Code-Reuse Attack
Randomization
Stack buffer overflow
Time window
Storage management
Just in time
Virtual machine
Code injection
Computer security
Computer attack
ISSN:1751-8709, 1751-8717
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A new code-reuse attack, named Just-in-time (JIT) spraying attack, leverages the predictable generated JIT compiled code to launch an attack. It can circumvent the defenses such as data execution prevention and address space layout randomisation built-in in the modern operation system, which were thought the insurmountable barrier so that the attackers cannot construct the traditional code injection attacks. In this study, the authors describe JITSafe, a framework that can be applied to existing JIT-based virtual machines (VMs), in the purpose of preventing the attacker from reusing the JIT compiled code to construct the attack. The authors framework narrows the time window of the JIT compiled code in the executable pages, eliminates the immediate value and obfuscates the JIT compiled code. They demonstrate the effectiveness of JITSafe that it can successfully prevent existing JIT spraying attacks with low performance overhead.
Bibliographie:SourceType-Scholarly Journals-1
ObjectType-Feature-1
content type line 14
ObjectType-Article-1
ObjectType-Feature-2
content type line 23
ISSN:1751-8709
1751-8717
DOI:10.1049/iet-ifs.2012.0142