Just-in-time (JIT) spraying, which first appeared at Black Hat DC 2010, is a new kind of attack technique based on JIT compilation. This technique allows attackers to bypass data execution prevention (DEP) and address space layout randomization (ASLR). There are not yet any public methods to prevent this kind of attack, which leaves users quite vulnerable. This attack was analyzed to build models for Sledge, Shellcode's handover, and other key points in order to develop a JIT-spraying prevention mechanism based on random instruction padding. Quantitative analysis of the method's effectiveness shows that the best solution reduces the success rate of JIT-spraying attacks to less than 10⁻⁶ and only introduces about 13% more padding instructions...
Abstract Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP)...
Instruction set randomization (ISR) was initially proposed with the main goal of countering code-inj...
Fine-grained address space layout randomization (ASLR) has recently been proposed as a method of eff...
Part 5: Software Security. International audience. JIT spraying is a new code-reuse technique to attack ...
Just-in-Time compilers offer substantial runtime performance benefits over traditional execution met...
Abstract—In the face of widespread DEP and ASLR deployment, JIT spraying brings together the best o...
DCG (Dynamic Code Generation) technologies have found wide application in the Web 2.0 era, Dion B...
International audience. JavaScript (JS) engines are virtual machines that execute JavaScript code. The...
Web browsers are one of the most important end-user applications to browse, retrieve, and present Int...
Abstract—Return-oriented programming (ROP) has become the dominant form of vulnerability exploitatio...
Abstract—Fine-grained address space layout randomization (ASLR) has recently been proposed as a meth...
DCG (Dynamic Code Generation) technologies have found wide application in the Web 2.0 era, and DC...
Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP) is still...
Memory-corruption vulnerabilities pose a serious threat to modern computer security. Attackers explo...