BuBBle: A javascript engine level countermeasure against heap-spraying attacks

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5965 LNCS, Issue , 2010, Pages 1-17

  Gadaleta, Francesco ^a   Younan, Yves ^a   Joosen, Wouter ^a  

^a UNIVERSITY OF LEUVEN   (Belgium)

Author keywords

Browser security; Buffer overflow; Heap spraying; Memory corruption attacks

Indexed keywords

BROWSER SECURITY; BUFFER OVERFLOW; BUFFER OVERFLOWS; FIREFOX; IMPROVED RELIABILITY; JAVASCRIPT; MEMORY CORRUPTION ATTACKS; MEMORY OVERHEADS; SAFE LANGUAGES; SCRIPTING LANGUAGES; SECURITY ATTACKS;

BUFFER STORAGE; HIGH LEVEL LANGUAGES; JAVA PROGRAMMING LANGUAGE; LINGUISTICS;

WEB BROWSERS;

EID: 77949446893     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-11747-3_1     Document Type: Conference Paper

References (37)

1. Abadi, M., Budiu, M., Erlingsson, Ú., Ligatti, J.: Control-flow integrity. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, Alexandria, Virginia, U.S.A., November 2005, pp. 340-353. ACM, New York (2005)
2. Anisimov, A.: Defeating microsoft windows xp sp2 heap protection and dep bypass, http://www.ptsecurity.com
3. Barrantes, E.G., Ackley, D.H., Forrest, S., Palmer, T.S., Stefanović, D., Zovi, D.D.: Randomized instruction set emulation to disrupt binary code injection attacks. In: Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS2003), Washington, D.C., U.S.A., October 2003, pp. 281-289. ACM, New York (2003)
4. Berry-Bryne, S.: Firefox 3.5 heap spray exploit (2009), http://www.milw0rm.com/exploits/9181
5. Bhatkar, S., Duvarney, D.C., Sekar, R.: Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In: Proceedings of the 12th USENIX Security Symposium, Washington, D.C., U.S.A., August 2003, pp. 105-120. USENIX Association (2003)
6. Bhatkar, S., Sekar, R.: Data space randomization. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 1-22. Springer, Heidelberg (2008)
7. Bhatkar, S., Sekar, R., DuVarney, D.C.: Efficient techniques for comprehensive protection from memory error exploits. In: 14th USENIX Security Symposium, Baltimore, MD, August 2005, USENIX Association (2005)
8. Blog, M.A.L.: New backdoor attacks using pdf documents (2009), http://www.avertlabs.com/research/blog/index.php/2009/02/19/new-backdoor- attacks-using-pdf-documents/
9. Futuremark Corporation. Peacekeeper The Browser Benchmark, http://service.futuremark.com/peacekeeper/
10. Cowan, C., Beattie, S., Johansen, J., Wagle, P.: PointGuard: protecting pointers from buffer overflow vulnerabilities. In: Proceedings of the 12th USENIX Security Symposium, Washington, D.C., U.S.A., August 2003, pp. 91-104. USENIX Association (2003)
11. Daniel, M., Honoroff, J., Miller, C.: Engineering heap overflow exploits with javascript. In: WOOT 2008: Proceedings of the 2nd conference on USENIX Workshop on offensive technologies, Berkeley, CA, USA, pp. 1-6. USENIX Association (2008)
12. Egele, M., Wurzinger, P., Kruegel, C., Kirda, E.: Defending browsers against drive-by downloads: mitigating heap-spraying code injection attacks. In: Flegel, U., Bruschi, D. (eds.) DIMVA 2009. LNCS, vol. 5587, pp. 88-106. Springer, Heidelberg (2009)
13. Erlingsson, Ú.: Low-level software security: Attacks and defenses. Technical Report MSRTR-2007-153, Microsoft Research (November 2007)
14. Etoh, H., Yoda, K.: Protecting from stack-smashing attacks. Technical report, IBM Research Divison, Tokyo Research Laboratory (June 2000)
15. Mozilla Foundation. Firefox 3.5b4 (2009), http://developer.mozilla.org
16. Google. V8 Benchmark Suite - version 5, http://v8.googlecode.com
17. Intel. Intel architecture software developer's manual. vol. 2: Instruction set reference (2002)
18. E. C. M. A. International. ECMA-262: ECMAScript Language Specification. ECMA (European Association for Standardizing Information and Communication Systems), 3rd edn., Geneva, Switzerland (December 1999)
19. Jorendorff: Anatomy of a javascript object (2008), http://blog.mozilla. com/jorendorff/2008/11/17/ anatomy-of-a-javascript-object
20. Kiriansky, V., Bruening, D., Amarasinghe, S.: Secure execution via program shepherding. In: Proceedings of the 11th USENIX Security Symposium, San Francisco, California, U.S.A., August 2002, USENIX Association (2002)
21. Krennmair, A.: ContraPolice: a libc extension for protecting applications from heap-smashing attacks (November 2003)
22. FireEye Malware Intelligence Lab. Heap spraying with actionscript (2009), http://blog.fireeye.com/research/2009/07/actionscript-heap-spray.html
23. Ratanaworabhan, P., Livshits, B., Zorn, B.: Nozzle: A defense against heap-spraying code injection attacks. Technical report, Microsoft Research (November 2008)
24. Robertson, W., Kruegel, C., Mutz, D., Valeur, F.: Run-time detection of heap-based overflows. In: Proceedings of the 17th Large Installation Systems Administrators Conference, San Diego, California, U.S.A., October 2003, pp. 51-60. USENIX Association (2003)
25. securiteam.com. Heap spraying: Exploiting internet explorer vml 0-day xp sp2 (2009), http://blogs.securiteam.com/index.php/archives/641
26. Securitylab. Adobe reader 0-day critical vulnerability exploited in the wild, cve-2009-0658 (2009), http://en.securitylab.ru/nvd/368655.php
27. skypher.com. Heap spraying (2007), http://skypher.com/wiki/index.php
28. Sotirov, A.: Heap feng shui in javascript (2007)
29. TMS. Data execution prevention, http://technet.microsoft.com/en-us/ library/cc738483.aspx
30. Wagle, P., Cowan, C.: Stackguard: Simple stack smash protection for gcc. In: Proceedings of the GCC Developers Summit, Ottawa, Ontario, Canada, May 2003, pp. 243-256 (2003)
31. www2.webkit.org Sunspider javascript benchmark (2009), http://www2.webkit.org/perf/sunspider-0.9/sunspider.html
32. www.milw0rm.com Safari (arguments) array integer overflow poc (new heap spray) (2009), http://www.milw0rm.com/exploits/7673
33. www.packetstormsecurity.org 25bytes-execve (2009), http://www. packetstormsecurity.org/shellcode/25bytes-execve.txt
34. Xu, J., Kalbarczyk, Z., Iyer, R.K.: Transparent runtime randomization for security. In: 22nd International Symposium on Reliable Distributed Systems (SRDS 2003), Florence, Italy, October 2003, pp. 260-269. IEEE Computer Society, IEEE Press, Los Alamitos (2003)
35. Younan, Y., Joosen, W., Piessens, F.: Code injection in C and C++: A survey of vulnerabilities and countermeasures. Technical report, Departement Computerwetenschappen, Katholieke Universiteit Leuven (2004)
36. Younan, Y., Joosen, W., Piessens, F.: Efficient protection against heap-based buffer overflows without resorting to magic. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 379-398. Springer, Heidelberg (2006)
37. Younan, Y., Pozza, D., Piessens, F., Joosen, W.: Extended protection against stack smashing attacks without performance loss. In: Proceedings of the Twenty-Second Annual Computer Security Applications Conference (ACSAC 2006), pp. 429-438. IEEE Press, Los Alamitos (2006)