DCG (Dynamic Code Generation) technologies have found wide application in the Web 2.0 era. Dion Blazakis recently presented a Flash JIT-Spraying attack against Adobe Flash Player that easily circumvented the DEP and ASLR protection mechanisms built into modern operating systems. We have generalized and extended JIT Spraying into DCG Spraying. Based on our analysis of this abstract model of DCG Spraying, we have found that all mainstream DCG implementations (Java / JavaScript / Flash / .Net / SilverLight) are vulnerable to the DCG Spraying attack, and that none of the existing ad hoc defenses, such as compilation optimization, random NOP padding and constant splitting, provides effective protection. Furthermore, we propose a new protection method, INSeRT,...
International audience. JavaScript (JS) engines are virtual machines that execute JavaScript code. The...
This thesis examines code obfuscation techniques to protect software against analysis and unwanted m...
One of the most common forms of security attacks involves exploiting a vulnerability to inject malic...
DCG (Dynamic Code Generation) technologies have found wide application in the Web 2.0 era. Dion B...
DCG (Dynamic Code Generation) technologies have found wide application in the Web 2.0 era, and DC...
Exploit development is an arms race between attackers and defenders. In this thesis, I will introduce...
Part 5: Software Security. International audience. JIT spraying is a new code-reuse technique to attack ...
Just-in-time (JIT)-spraying, which first appeared in Blackhat DC 2010, is a new kind of attack techn...
Web browsers are one of the most important end-user applications to browse, retrieve, and present Int...
Just-in-Time compilers offer substantial runtime performance benefits over traditional execution met...
Abstract—In the face of widespread DEP and ASLR deployment, JIT spraying brings together the best o...
Dynamically-typed languages have improved programming experience in software development, leading to...
Memory-corruption vulnerabilities pose a serious threat to modern computer security. Attackers explo...
Abstract—Return-oriented programming (ROP) has become the dominant form of vulnerability exploitatio...
Code-reuse attacks are notoriously hard to defeat, and many current solutions to the problem focus o...