Part 5: Software Security

International audience

JIT spraying is a new code-reuse technique for attacking virtual machines based on JIT (just-in-time) compilation. It has proven capable of circumventing defenses such as data execution prevention (DEP) and address space layout randomization (ASLR), which are effective at preventing traditional code injection attacks. In this paper, we describe JITDefender, an enhancement of standard JIT-based VMs that prevents the attacker from executing arbitrary JIT-compiled code on the VM. JITDefender can thereby block JIT spraying attacks. We prove the effectiveness of JITDefender by demonstrating that it can successfully prevent existing JIT spraying exploits. JITDefender reports no false p...
Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP) is still...
Abstract Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP)...
Spraying is a common payload delivery technique used by attackers to execute arbitrary code in prese...
Just-in-time (JIT)-spraying, which first appeared in Blackhat DC 2010, is a new kind of attack techn...
Just-in-Time compilers offer substantial runtime performance benefits over traditional execution met...
Abstract—In the face of widespread DEP and ASLR deployment, JIT spraying brings together the best o...
DCG (Dynamic Code Generation) technologies have found wide application in the Web 2.0 era, Dion B...
International audience. Language Virtual Machines (VM) need to be extremely efficient and hence use co...
Exploit development is an arms race between attackers and defenders. In this thesis, I will introduce...
Memory-corruption vulnerabilities pose a serious threat to modern computer security. Attackers explo...
Web browsers are one of the most important end-user applications to browse, retrieve, and present Int...
Abstract—Return-oriented programming (ROP) has become the dominant form of vulnerability exploitatio...
Code-reuse attacks are notoriously hard to defeat, and many current solutions to the problem focus o...
International audience. JavaScript (JS) engines are virtual machines that execute JavaScript code. The...