International audienceLanguage Virtual Machines (VM) need to be extremely efficient and hence use complex engines such as a JIT compiler to speed up the usual bytecode interpretation loop. Their usage of low-level and security-critical tasks make them targets of choice. Enforcing low-cost fine-grained memory isolation has been an important research focus as a countermeasure to the most advanced JIT attacks. Memory isolation splits the components of an application with controlled communication and verified access to other resources. We present how custom instructions linked to hardware-enforced domain-checking could protect JIT code and data. We present incremental solutions and their corresponding custom instructions. The generated machine ...
Abstract Dynamic or Just-in-Time (JIT) compilation is crucial to achieve acceptable performance for ...
Fine-grained program counter-based memory access control mechanisms can be used to enhance low-level...
We present a compiler-based scheme for protecting the confidentiality of sensitive data in low-level...
Part 5: Software SecurityInternational audienceJIT spraying is a new code-reuse technique to attack ...
Memory-corruption vulnerabilities pose a serious threat to modern computer security. Attackers explo...
Just-in-time (JIT)-spraying, which first appeared in Blackhat DC 2010, is a new kind of attack techn...
Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP) is still...
Web browsers are one of the most important enduser applications to browse, retrieve, and present Int...
Abstract Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP)...
Just-in-Time compilers offer substantial runtime performance benefits over traditional execution met...
Reference protection mechanisms, which control the propagation of references, are commonly used to i...
International audienceComputing devices became part of our daily world. But being physically accessi...
We present a secure (fully abstract) compilation scheme to compile a high-level language to low-leve...
International audienceJavaScript (JS) engines are virtual machines that execute JavaScript code. The...
Over the last years, security-kernels have played a promising role in reshaping the landscape of pla...
Abstract Dynamic or Just-in-Time (JIT) compilation is crucial to achieve acceptable performance for ...
Fine-grained program counter-based memory access control mechanisms can be used to enhance low-level...
We present a compiler-based scheme for protecting the confidentiality of sensitive data in low-level...
Part 5: Software SecurityInternational audienceJIT spraying is a new code-reuse technique to attack ...
Memory-corruption vulnerabilities pose a serious threat to modern computer security. Attackers explo...
Just-in-time (JIT)-spraying, which first appeared in Blackhat DC 2010, is a new kind of attack techn...
Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP) is still...
Web browsers are one of the most important enduser applications to browse, retrieve, and present Int...
Abstract Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP)...
Just-in-Time compilers offer substantial runtime performance benefits over traditional execution met...
Reference protection mechanisms, which control the propagation of references, are commonly used to i...
International audienceComputing devices became part of our daily world. But being physically accessi...
We present a secure (fully abstract) compilation scheme to compile a high-level language to low-leve...
International audienceJavaScript (JS) engines are virtual machines that execute JavaScript code. The...
Over the last years, security-kernels have played a promising role in reshaping the landscape of pla...
Abstract Dynamic or Just-in-Time (JIT) compilation is crucial to achieve acceptable performance for ...
Fine-grained program counter-based memory access control mechanisms can be used to enhance low-level...
We present a compiler-based scheme for protecting the confidentiality of sensitive data in low-level...