Just-in-Time compilers offer substantial runtime performance benefits over traditional execution methods like interpretation, and they have enjoyed widespread deployment in the JavaScript engines found in nearly all modern web browsers. Unfortunately, security has taken the back seat to performance in many JIT compilers, despite the often untrusted nature of their inputs and the tremendous privilege that they have been granted to generate machine code on the fly. While the concerns regarding performance are understandable, the threat posed by blind JIT spraying has been underestimated. In this dissertation, we demonstrate the feasibility of blind JIT spraying on the ARM architecture against three modern JavaScript engines, despite many restr...
Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP) is still...
Modern browsers such as Chrome and Edge deploy constant blinding to remove attacker-controlled ...
DCG (Dynamic Code Generation) technologies have found wide application in the Web 2.0 era, Dion B...
In the face of widespread DEP and ASLR deployment, JIT spraying brings together the best o...
Just-in-time (JIT)-spraying, which first appeared in Blackhat DC 2010, is a new kind of attack techn...
Part 5: Software Security. International audience. JIT spraying is a new code-reuse technique to attack ...
International audience. JavaScript (JS) engines are virtual machines that execute JavaScript code. The...
Web browsers are one of the most important end-user applications to browse, retrieve, and present Int...
Modern JavaScript engines that power websites and even full applications on the Web are driven by th...
Return-oriented programming (ROP) has become the dominant form of vulnerability exploitatio...
Exploit development is an arms race between attackers and defenders. In this thesis, I will introduce...
Memory-corruption vulnerabilities pose a serious threat to modern computer security. Attackers explo...
Managed languages such as JavaScript are popular. For performance, modern implementations of manage...