INSeRT: Protect dynamic code generation against spraying

2011 International Conference on Information Science and Technology, ICIST 2011

Volumn , Issue , 2011, Pages 323-328

  Wei, Tao ^a   Wang, Tielei ^a   Duan, Lei ^a   Luo, Jing ^b  

^a PEKING UNIVERSITY   (China)

^b INSTITUTE OF BIOPHYSICS   (China)

Author keywords

[No Author keywords available]

Indexed keywords

DYNAMIC CODE GENERATION; INTRINSIC ELEMENTS; JAVASCRIPT; MACHINE INSTRUCTIONS; OPERATING SYSTEMS; PROTECTION MECHANISMS; PROTECTION METHODS; WEB 2.0;

INFORMATION SCIENCE; NETWORK COMPONENTS; USER INTERFACES;

PROGRAM COMPILERS;

EID: 79957820877     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICIST.2011.5765261     Document Type: Conference Paper

References (34)

1. Keppel, D., Eggers, S.J., and Henry, R.R. 1991. A case for runtime code generation. Technical Report CSE-91-11-04, University of Washington. [Online]. Available: http://www.cs.washington.edu/research/compiler/papers.d/rtcg-case. html
2. Aycock, J., "A Brief History of Just-in-time", ACM Computing Surveys, 35, 2, pp.97-113. 2003
3. Google Inc. 2010. V8 JavaScript Engine. [Online]. Available: http://code.google.com/apis/v8/design.html.
4. Blazakis, D, "Interpreter exploitation: Pointer inference and jit spraying". In Black Hat DC, USA, 2010.
5. SkyLined. 2004. Internet Explorer IFRAME src&name parameter BoF remote compromise. [Online]. Available: http://skypher.com/wiki/index.php?title= Www.edup.tudelft.nl/~bjwever/advisory-iframe.html.php.
6. Microsoft Inc. 2010. Data Execution Prevention: frequently asked questions. [Online]. Available: http://windows.microsoft.com/en-US/windows- vista/Data-Execution-Prevention-frequently-asked-questions.
7. Whitehouse, O. 2007. An Analysis of Address Space Layout Randomization on Windows Vista. [Online]. Available: http://www.symantec.com/avcenter/reference/ Address-Space-Layout-Randomization.pdf.
8. Sintsov, A. 2010. Writing JIT-Spray Shellcode for fun and profit. Digital Security Research Group. [Online]. Available: http://www.dsecrg.com/files/pub/ pdf/Writing%20JIT-Spray%20Shellcode%20for%20fun%20and%20profit.pdf.
9. Wikipedia. 2010. V8 (JavaScript engine). [Online]. Available: http://en.wikipedia.org/wiki/V8-(JavaScript-engine)
10. Sinan Eran (noir). GetPC code. [Online]. Available: http://www. securityfocus.com/archive/82/327100/2009-02-24/1.
11. Intel Corp, IA-32 Intel® Architecture Software Developer's Manual Volume 2: Instruction Set Reference, [Online]. Available: http://developer. intel.com/design/pentiumii/manuals/243191.htm, 2001.
12. Ratanaworabhan, P., Livshits, B., Zorn, B., "NOZZLE: A Defense Against Heap-spraying Code Injection Attacks", In Proceedings of the 18th USENIX Security Symposium, 2009
13. The HotSpot Group, HotSpot, [Online]. Available: http://openjdk.java.net/ groups/hotspot/.
14. GCC team, The GNU Compiler for the Java Programming Language. [Online]. Available: http://gcc.gnu.org/java/.
15. Microsoft Corp., The .NET Framework. [Online]. Available: http://www.microsoft.com/net/.
16. Stachowiak, M., Introducing SquirrelFish Extreme. [Online]. Available: http://webkit.org/blog/214/introducing-squirrelfish-extreme/.
17. skypher.com, Hacking/Shellcode/GetPC. [Online]. Available: http://skypher.com/wiki/index.php/Hacking/Shellcode/GetPC.
18. Mozilla project, JavaScript:TraceMonkey. [Online]. Available: https://wiki.mozilla.org/JavaScript:TraceMonkey.
19. Barth, A., Jackson, C., Reis, C., and The Google Chrome Team, The Security Architecture of the Chromium Browser, Technical Report 2008. [Online]. Available: http://www.adambarth.com/papers/2008/barth-jackson-reis.pdf.
20. Cox, R.S., Hansen, J.G., Gribble, S.D., and Levy, H.M.. "A safety-oriented platform for web applications", In IEEE Symposium on Security and Privacy, 2006.
21. Grier, C., Tang, S., and King, S.T.. "Secure web browsing with the op web browser". In IEEE Symposium on Security and Privacy, 2008.
22. Ioannidis, S., and Bellovin, S.M.. "Building a secure web browser". In Proceedings of the USENIX Annual Technical Conference, Freenix Track, June 2001.
23. Zeigler, A.. IE8 and Loosely-Coupled IE, March 2008. [Online]. Available: http://blogs.msdn.com/ie/archive/2008/03/11/ie8-and-loosely-coupledie-lcie. aspx.
24. WebKit Open Source Project, SunSpider 0.9.1 JavaScript Benchmark, [Online]. Available: http://www2.webkit.org/perf/sunspider-0.9.1/sunspider.html.
25. Pincus, J., Baker, B., "Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns", in IEEE Security & Privacy, 2004.
26. Wikipedia, Data Execution Prevention, [Online]. Available: http://en.wikipedia.org/wiki/Data-Execution-Prevention.
27. Shacham, H.. "The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)". In Proc. 14th ACM Conf. Comp. and Comm. Sec. (CCS 2007), 2007
28. Shacham, H., Page, M., Pfaff, B., Goh, E.J., Modadugu, N., and Boneh, D.. "On the effectiveness of address-space randomization". In Proc. 11th ACM Conf. Comp. and Comm. Sec.(CCS 2004), 2004.
29. Solé, P., Defeating DEP, the Immunity Debugger way, [Online]. Available: http://www.immunityinc.com/downloads/DEPLIB.pdf, 2008.
30. Pwn2Own 2010, [Online]. Available: http://dvlabs.tippingpoint.com/blog/ 2010/02/15/pwn2own-2010, 2010.
31. Yee, B., Sehr, D., Dardyk, G., Chen, J. B., Muth, R., Orm, T., et al., "Native Client: A Sandbox for Portable, Untrusted x86 Native Code", In Proceedings of the 2009 IEEE Symposium on Security and Privacy (Oakland 2009), 2009
32. Microsoft Corp., Silverlight, [Online]. Available: http://www.microsoft. com/silverlight/
33. Adobe Corp., Adobe Flash Player, [Online]. Available: http://get.adobe.com/cn/flashplayer/.
34. Wikipedia, Microsoft Silverlight, [Online]. Available: http://en.wikipedia.org/wiki/Microsoft-Silverlight.