Web browsers are one of the most important end-user applications to browse, retrieve, and present Internet resources. Malicious or compromised resources may endanger Web users by hijacking web browsers to execute arbitrary malicious code in the victims' systems. Unfortunately, the widely-adopted Just-In-Time compilation (JIT) optimization technique, which compiles source code to native code at runtime, significantly increases this risk. By exploiting JIT-compiled code, attackers can bypass all currently deployed defenses. In this paper, we systematically investigate threats against JIT-compiled code, and the challenges of protecting JIT-compiled code. We propose a general defense solution, JITScope, to enforce Control-Flow Integrity (...
DCG (Dynamic Code Generation) technologies have found wide applications in the Web 2.0 era, Dion B...
Control Flow Integrity (CFI) provides a strong protection against modern control-flow hijacking atta...
Abstract—Return-oriented programming (ROP) has become the dominant form of vulnerability exploitatio...
Exploit development is an arms race between attackers and defenders. In this thesis, I will introduce...
Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP) is still...
Abstract Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP)...
Memory-corruption vulnerabilities pose a serious threat to modern computer security. Attackers explo...
Managed languages such as JavaScript are popular. For performance, modern implementations of manage...
Just-in-Time compilers offer substantial runtime performance benefits over traditional execution met...
Just-in-time (JIT)-spraying, which first appeared in Blackhat DC 2010, is a new kind of attack techn...
Part 5: Software Security. JIT spraying is a new code-reuse technique to attack ...
JavaScript (JS) engines are virtual machines that execute JavaScript code. The...
Abstract—As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determine...
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attacke...