JITDefender: A defense against JIT spraying attacks

IFIP Advances in Information and Communication Technology

Volumn 354 AICT, Issue , 2011, Pages 142-153

  Chen, Ping ^a   Fang, Yi ^a   Mao, Bing ^a   Xie, Li ^a  

^a NANJING UNIVERSITY   (China)

Author keywords

[No Author keywords available]

Indexed keywords

CODES (SYMBOLS); NETWORK SECURITY;

ACTIONSCRIPT; ADDRESS SPACE LAYOUT RANDOMIZATIONS; CODE INJECTION ATTACKS; CODE REUSE; DATA EXECUTION PREVENTIONS; FALSE POSITIVE; JUST IN TIME;

JUST IN TIME PRODUCTION;

EID: 79960876719     PISSN: 18684238     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-642-21424-0_12     Document Type: Conference Paper

References (29)

1. Google chrome 0.2.149.27 'saveas' function buffer overflow vulnerability, http://seclists.org/bugtraq/2008/Sep/70
2. KVM, www.linux-kvm.org/
3. QEMU, http://wiki.qemu.org/Main-Page
4. The Webkit open source project, webkit.org/
5. x86 shellcode detection and emulation, http://libemu.mwcollect.org/
6. The Pax project (2004), http://pax.grsecurity.net/
7. Abadi, M., Budiu, M., Ligatti, J.: Control-flow integrity. In: Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS), pp. 340-353. ACM, New York (2005)
8. Bania, P.: JIT spraying and mitigations (2010), http://arxiv.org/abs/ 1009.1038
9. Bhatkar, E., Duvarney, D.C., Sekar, R.: Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In: Proceedings of the 12th USENIX Security Symposium, pp. 105-120 (2003)
10. Blazakis, D.: Interpreter exploitation. In: Proceedings of tth USENIX Workshop on Offensive Technologies (WOOT 2010), pp. 1-9 (2010)
11. Kolbitsch, C., Holz, T., Kruegel, C., Kirda, E.: Inspector gadget: Automated extraction of proprietary gadgets from malware binaries. In: Proceedings of the 30th IEEE Symposium on Security and Privacy, pp 29-44 (2010)
12. Caballero, J., Johnson, N.M., McCamant, S., Song, D.: Binary code extraction and interface identification for security applications. In: Proceedings of the 17th Annual Network and Distributed System Security Symposium (2010)
13. Castro, M., Costa, M., Harris, T.: Securing software by enforcing data-flow integrity. In: Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation, vol. 7, p. 11. USENIX Association, Berkeley (2006)
14. Egele, M., Wurzinger, P., Kruegel, C., Kirda, E.: Defending browsers against drive-by downloads: Mitigating heap-spraying code injection attacks. In: Flegel, U., Bruschi, D. (eds.) DIMVA 2009. LNCS, vol. 5587, pp. 88-106. Springer, Heidelberg (2009)
15. Erlingsson, U., Valley, S., Abadi, M., Vrable, M., Budiu, M., Necula, G.C.: XFI: Software guards for system address spaces. In: Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation, vol. 7, p. 6. USENIX Association, Berkeley (2006)
16. Gadaleta, F., Younan, Y., Joosen, W.: BuBBle: A javascript engine level countermeasure against heap-spraying attacks. In:Massacci, F.,Wallach, D., Zannone, N. (eds.) ESSoS 2010. LNCS, vol. 5965, pp. 1-17. Springer, Heidelberg (2010)
17. de Groef, W., Nikiforakis, N., Younan, Y., Piessens, F.: Jitsec: Just-in-time security for code injection attacks. In: Benelux Workshop on Information and System Security (WISSEC 2010), pp. 1-15 (2010)
18. Google Inc.: V8 javascript engine, code.google.com/apis/v8/intro.html
19. Payer, M.: I control your code attack vectors through the eyes of software-based fault isolation. In: 27C3 (2010)
20. Ratanaworabhan, P., Livshits, B., Zorn, B.: Nozzle: A defense against heap-spraying code injection attacks. In: Proceedings of 18th USENIX Security Symposium (2009)
21. Shacham, H.: The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In: Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS), pp. 552-561. ACM, New York (2007)
22. Sintsov, A.: JIT spraying attack on safari, http://www.exploit-db.com/ exploits/12614/
23. Sintsov, A.: Oracle document capture (easymail objects emsmtp.dll 6.0.1) activex control bof - JIT-spray exploit, http://dsecrg.com/files/exploits/ QuikSoft-reverse.zip-reverse.zip
24. Sintsov, A.: SAP GUI 7.10 webviewer3d Activex - JIT-spray exploit, http://dsecrg.com/files/exploits/SAP-Logon7-System.zip
25. Sintsov, A.: JIT-spray attacks & advanced shellcode (2010), http://dsecrg.com/files/pub/pdf/HITB%20-%20JIT- Spray%20Attacks%20and%20Advanced%20Shellcode.pdf
26. Sintsov, A.: Writing JIT-spray shellcode for fun and profit. In: Technical Report of Digital Security (2010)
27. Tao, W., Tielei, W., Lei, D., Jing, L.: Secure dynamic code generation against spraying. In: CCS 2010 Poster, pp. 738-740. ACM, New York (2010)
28. Wang, T.: Integer overflow on QEMU, http://lists.nongnu.org/archive/html/ qemu-devel/2008-08/msg01052.html
29. Wikipedia: Heap spraying (2010), http://en.wikipedia.org/wiki/Heap- spraying