JITSafe: A framework against Just-in-time spraying attacks

IET Information Security

Volumn 7, Issue 4, 2013, Pages 283-292

  Chen, Ping ^a   Wu, Rui ^a   Mao, Bing ^a  

^a NANJING UNIVERSITY   (China)

Author keywords

[No Author keywords available]

Indexed keywords

ADDRESS SPACE; CODE INJECTION ATTACKS; DATA EXECUTION PREVENTIONS; JUST-IN-TIME; OPERATION SYSTEM; RANDOMISATION; TIME WINDOWS; VIRTUAL MACHINES;

COMPUTER NETWORKS; INFORMATION SYSTEMS; SECURITY OF DATA;

JUST IN TIME PRODUCTION;

EID: 84890631913     PISSN: 17518709     EISSN: 17518717     Source Type: Journal    
DOI: 10.1049/iet-ifs.2012.0142     Document Type: Article

References (32)

1. Data Execution Prevention (DEP) in Windows XP Service Pack 2, Microsoft Corporation, 2006. Available at: Http://www.support. microsoft.com/kb/875352
2. The Pax project, Pax Team, 2004. Available at: Http://www.pax. grsecurity.net/
3. Designer, S.: 'Getting around non-executable stack (and fix),' 1997. Available at: Http://www.seclists.org/bugtraq/1997/Aug0063.html
4. Shacham, H.: 'The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86)'. Proc. 14th ACM Conf. Computer and Communications Security (CCS), New York, NY, USA, ACM, 2007, pp. 552-561
5. Address Space Layout Randomization in Windows Vista, Microsoft Corporation, 2006. Available at: Http://www.blogs.msdn.com/b/michaelhoward/ archive/2006/05/26/address-space-layout-randomizationin-windows-vista.aspx
6. Bhatkar, E., Duvarney, D.C., Sekar, R.: 'Address obfuscation: An efficient approach to combat a broad range of memory error exploits'. Proc. 12th USENIX Security Symp., 2003, pp. 105-120
7. Blazakis, D.: 'Interpreter exploitation'. Proc. Fourth USENIX Conf. Offensive Technologies (WOOT), Berkeley, CA, USA, USENIX Association, 2010, pp. 1-9
8. Sintsov, A.: 'Writing jit-spray shellcode for fun and profit,' Digital Security Research Group, Tech. Rep., 2010. Available at: Http://www.dsecrg.com/ files/pub/pdf/Writing%20JIT-Spray%20Shellcode%20for% 20fun%20and%20profit.pdf
9. Sintsov: 'Jit-sprary attacks & advanced shellcode,' Digital Security Research Group, Technical Report, 2010. Available at: Http://www.dsecrg.com/ files/pub/pdf/HITB%20-%20JIT-Spray%20Attacks%20and %20Advanced%20Shellcode.pdf
10. Liebowitz, M.: 'it spraying': Hackers find new ways to hi-jack applications,' 2011. Available at: Http://www.securitynewsdaily.com/921-jit- spraying-hackers-find-new-ways-to-hijack-documents.html
11. Wikipedia: 'Heap spraying,' 2010. Available at: Http://www.en. wikipedia.org/wiki/Heap-spraying
12. Roemer, R., Buchanan, E., Shacham, H., Savage, S.: 'Return-oriented programming: Systems, languages, and applications', ACM Trans. Inf. Syst. Secur. (TISSEC), 2012, 15, (1), pp. 1-34. Available at: Http ://www.cseweb.ucsd.edu/ ~hovav/papers/rbss12.html
13. Chen, P., Xiao, H., Shen, X., Yin, X., Mao, B., Xie, L.: 'Drop: Detecting return-oriented programming malicious code'. Proc. Fifth Int. Conf. on Information Systems Security (ICISS), Berlin, Heidelberg, Springer-Verlag, 2009, pp. 163-177
14. The WebKit Open Source Project, Webkit, 2010. Available at: Http ://www.webkit.org/
15. V8 JavaScript Engine, Google Inc., 2010. Available at: Http://www.code.google.com/apis/v8/intro.html
16. Google Chrome 0.2.149.27 'SaveAs' Function Buffer Overflow Vulnerability, Security Vulnerability Research Team, 2008. Available at: Http://www.seclists. org/bugtraq/2008/Sep/70
17. SAP GUI 7.10 WebViewer3D ActiveX-JIT-Spray Exploit, Digital Security Research Group, 2010. Available at: Http://www.dsecrg.com/files/exploits/SAP- Logon7-System.zip
18. Oracle Document Capture (EasyMail Objects EMSMTP.DLL 6.0.1) ActiveX Control BOF-JIT-Spray Exploit, Digital Security Research Group, 2010. Available at: Http://www.dsecrg.com/files/exploits/QuikSoft-reverse.zip
19. Sintsov, A.: 'Jit spraying attack on safari,' 2010. Available at: Http ://www.exploit-db.com/exploits/12614/
20. Chen, P., Xing, X., Mao, B., Xie, L., Shen, X., Yin, X.: 'Automatic construction of jump-oriented programming shellcode (on the x86)'. Proc. Sixth ACM Symp. on Information, Computer and Communications Security (ASIACCS), New York, NY, USA, ACM, 2011, pp. 20-29
21. Cowan, C., Pu, C., Maier, D., et al.: 'Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks'. Proc. Seventh Conf. on USENIX Security Symp. (USENIX), Berkeley, CA, USA, USENIX Association, 1998, pp. 63-78
22. Etoh, J.: 'Gcc extension for protecting applications from stack-smashing attacks,' June 2000. Available at: Http://www.trl.ibm.com/projects/security/ssp/
23. Wu, L.-A., Lidar, D.: 'Quantum malware', Quantum Inf. Process., 2006, 5, (2), pp. 69-81
24. Sotirov, A.: 'Heap feng shui in javascript,' 2007. Available at: Https ://www.blackhat.com/presentations/bh-europe-07/Sotirov/Presentation/ bh-eu-07-sotirov-apr19.pdf
25. Ding, Y.,Wei, T.,Wang, T., Liang, Z., Zou,W.: 'Heap taichi: Exploiting memory allocation granularity in heap-spraying attacks'. Proc. 26th Annual Computer Security Applications Conf. (ACSAC), New York, NY, USA, ACM, 2010, pp. 327-336
26. Egele, M., Wurzinger, P., Kruegel, C., Kirda, E.: 'Defending browsers against drive-by downloads: Mitigating heap-spraying code injection attacks'. Proc. Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), 2009, pp. 88-106
27. Libemu: 'X86 shellcode detection and emulation,' 2010. Available at: Http://www.libemu.mwcollect.org/
28. Ratanaworabhan, P., Livshits, B., Zorn, B.: 'Nozzle: A defense against heap-spraying code injection attacks'. Proc. 18th Conf. on USENIX Security Symp. (SSYM), Berkeley, CA, USA, USENIX Association, 2009, pp. 169-186
29. Bania, P.: 'Jit spraying and mitigations,' CoRRComputing Research Repository (CoRR) abs/1009.1038, 2010. Available at: Http://www.piotrbania.com/ all/articles/pbania-jit-mitigations2010.pdf
30. Tao, W., Tielei, W., Lei, D., Jing, L.: 'Secure dynamic code generation against spraying'. Proc. 17th ACM Conf. on Computer and Communications Security (CCS) poster, New York, NY, USA, ACM, 2010, pp. 738-740
31. Gadaleta, F., Younan, Y., Joosen, W.: 'Bubble: A javascript engine level countermeasure against heap-spraying attacks', in Massacci, F., Wallach, D., Zannone, N. (Ed.): 'Engineering Secure Software and Systems' (Springer-Berlin, Heidelberg, 2010), vol. 5965, pp. 1-17
32. De Groef, W., Nikiforakis, N., Younan, Y., Piessens, F.: 'Jitsec: just-in-time security for code injection attacks'. Benelux Workshop on Information and System Security (WISSEC 2010), November 2010. Available at: Https://www.lirias.kuleuven.be/handle/123456789/286573