Managed languages such as JavaScript are popular. For performance, modern implementations of managed languages adopt Just-In-Time (JIT) compilation. The danger to a JIT compiler is that an attacker can often control the input program and use it to trigger a vulnerability in the JIT compiler to launch code injection or JIT spraying attacks. In this paper, we propose a general approach called RockJIT to securing JIT compilers through Control-Flow Integrity (CFI). RockJIT builds a fine-grained control-flow graph from the source code of the JIT compiler and dynamically updates the control-flow policy when new code is generated on the fly. Through evaluation on Google’s V8 JavaScript engine, we demonstrate that RockJIT can enforce strong secu...
Compilers are at the foundation of software security. On the one hand, compilers are an ideal place ...
Return-oriented programming (ROP) has become the dominant form of vulnerability exploitatio...
Control flow integrity (CFI) has been proposed as an approach to defend against control-hijacking me...
Web browsers are one of the most important end-user applications to browse, retrieve, and present Int...
Memory-corruption vulnerabilities pose a serious threat to modern computer security. Attackers explo...
Just-in-Time compilers offer substantial runtime performance benefits over traditional execution met...
Today's web applications remain vulnerable to cross-site scripting attacks that enable data theft. I...
JavaScript (JS) engines are virtual machines that execute JavaScript code. The...
With the adoption of cloud computing, securing remote program execution become...
Just-in-time (JIT) spraying, which first appeared at Black Hat DC 2010, is a new kind of attack techn...
Many widely-deployed modern programming systems use just-in-time (JIT) compilers to improve performa...
Exploit development is an arms race between attackers and defenders. In this thesis, I will introduce...
This paper proposes a framework for automatic exploit generation in JIT compilers, focusing in parti...
JavaScript is emerging as the ubiquitous language of choice for web browser applications. These ap-p...
JIT spraying is a new code-reuse technique to attack ...