International audienceJavaScript (JS) engines are virtual machines that execute JavaScript code. These engines find frequent application in web browsers like Google Chrome, Mozilla Firefox, Microsoft Internet Explorer and Apple Safari. Since, the purpose of a JS engine is to produce executable code, it cannot be run in a non-executable environment, and is susceptible to attacks like Just-in-Time (JIT) Spraying, which embed return-oriented programming (ROP) gadgets in arithmetic or logical instructions as immediate offsets. This paper introduces libmask, a JIT compiler extension to prevent the JIT-spraying attacks as an effective alternative to XOR based constant blinding. libmask transforms constants into global variables and marks the memo...
Managed languages such as JavaScript are popular. For perfor-mance, modern implementations of manage...
Most modern JavaScript engines use just-in-time (JIT) compilation to translate parts of JavaScript c...
Today's web applications remain vulnerable to cross-site scripting attacks that enable data theft. I...
International audienceJavaScript (JS) engines are virtual machines that execute JavaScript code. The...
Just-in-Time compilers offer substantial runtime performance benefits over traditional execution met...
Modern browsers such as Chrome and Edge deploy constant blinding to remove attacker-controlled ...
Just-in-time (JIT)-spraying, which first appeared in Blackhat DC 2010, is a new kind of attack techn...
Abstract—Return-oriented programming (ROP) has become the dominant form of vulnerability exploitatio...
Web browsers that support a safe language such as Javascript are becoming a platform of great intere...
Web browsers are one of the most important enduser applications to browse, retrieve, and present Int...
Modern JavaScript engines that power websites and even full applications on the Web are driven by th...
Part 5: Software SecurityInternational audienceJIT spraying is a new code-reuse technique to attack ...
In this dissertation we examine web exploitation from a number of different perspectives. First, we ...
Web browsers are one of the most security-critical applications that billions of people use to acces...
Exploit development is an arm race between attackers and defenders. In this thesis, I will introduce...
Managed languages such as JavaScript are popular. For perfor-mance, modern implementations of manage...
Most modern JavaScript engines use just-in-time (JIT) compilation to translate parts of JavaScript c...
Today's web applications remain vulnerable to cross-site scripting attacks that enable data theft. I...
International audienceJavaScript (JS) engines are virtual machines that execute JavaScript code. The...
Just-in-Time compilers offer substantial runtime performance benefits over traditional execution met...
Modern browsers such as Chrome and Edge deploy constant blinding to remove attacker-controlled ...
Just-in-time (JIT)-spraying, which first appeared in Blackhat DC 2010, is a new kind of attack techn...
Abstract—Return-oriented programming (ROP) has become the dominant form of vulnerability exploitatio...
Web browsers that support a safe language such as Javascript are becoming a platform of great intere...
Web browsers are one of the most important enduser applications to browse, retrieve, and present Int...
Modern JavaScript engines that power websites and even full applications on the Web are driven by th...
Part 5: Software SecurityInternational audienceJIT spraying is a new code-reuse technique to attack ...
In this dissertation we examine web exploitation from a number of different perspectives. First, we ...
Web browsers are one of the most security-critical applications that billions of people use to acces...
Exploit development is an arm race between attackers and defenders. In this thesis, I will introduce...
Managed languages such as JavaScript are popular. For perfor-mance, modern implementations of manage...
Most modern JavaScript engines use just-in-time (JIT) compilation to translate parts of JavaScript c...
Today's web applications remain vulnerable to cross-site scripting attacks that enable data theft. I...