RockJIT: Securing Just-In-Time compilation using modular Control-Flow Integrity

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2014, Pages 1317-1328

  Niu, Ben ^a   Tan, Gang ^a  

^a LEHIGH UNIVERSITY   (United States)

Author keywords

Control Flow Integrity; Just In Time Compilation; Modularity

Indexed keywords

CODES (SYMBOLS); DATA FLOW ANALYSIS; FLOW GRAPHS; GRAPHIC METHODS; JUST IN TIME PRODUCTION; PROGRAM COMPILERS;

CONTROL-FLOW INTEGRITIES; FINE-GRAINED CONTROL; GENERAL ARCHITECTURES; INPUT PROGRAMS; JUST-IN-TIME COMPILATION; MODULAR CONTROL; MODULARITY; STRONG SECURITIES;

C++ (PROGRAMMING LANGUAGE);

EID: 84910681910     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2660267.2660281     Document Type: Conference Paper

References (38)

1. Google V8 vulnerabilities. http://www.cvedetails.com/product/17734/Google-V8.html?vendor-id=1224.
2. Itanium c++ abi. http://mentorembedded.github.io/cxx-abi/abi.html.
3. ABADI, M., BUDIU, M., ERLINGSSON, Ú., AND LIGATTI, J. Control-Flow Integrity. In 12th ACM Conference on Computer and Communications Security (CCS) (2005), pp. 340-353.
4. AKRITIDIS, P., CADAR, C., RAICIU, C., COSTA, M., AND CASTRO, M. Preventing Memory Error Exploits with WIT. In Security and Privacy, 2008. SP 2008. IEEE Symposium on (May 2008), pp. 263-277.
5. ANSEL, J. Personal communication, March 2014.
6. ANSEL, J., MARCHENKO, P., ERLINGSSON, Ú., TAYLOR, E., CHEN, B., SCHUFF, D., SEHR, D., BIFFLE, C., AND YEE, B. Language-Independent Sandboxing of Just-In-Time Compilation and Self-Modifying Code. In ACM Conference on Programming Language Design and Implementation (PLDI) (2011), pp. 355-366.
7. BADISHI, G. JIT Spraying Primer and CVE-2010-3654. http://badishi.com/jit-spraying-primer-and-cve-2010-3654/, 2012.
8. BLAZAKIS, D. Interpreter Exploitation. In Proceedings of the 4th USENIX Conference on Offensive Technologies (2010), WOOT'10, USENIX Association, pp. 1-9.
9. CARLINI, N., AND WAGNER, D. ROP is Still Dangerous: Breaking Modern Defenses. In 23rd USENIX Security Symposium (USENIX Security 14) (Aug. 2014), USENIX Association.
10. CHEN, P., FANG, Y., MAO, B., AND XIE, L. JITDefender: A Defense against JIT Spraying Attacks. In 26th IFIP International Information Security Conference (2011), vol. 354, pp. 142-153.
11. CHEN, P., WU, R., AND MAO, B. JITSafe: A Framework Against Just-In-Time Spraying Attacks. Information Security, IET 7, 4 (December 2013), 283-292.
12. DAVI, L., DMITRIENKO, R., EGELE, M., FISCHER, T., HOLZ, T., HUND, R., NURNBERGER, S., AND SADEGHI, A. MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones. In Network and Distributed System Security Symposium (NDSS) (2012).
13. DAVI, L., LEHMANN, D., SADEGHI, A., AND MONROSE, F. Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection. In 23rd USENIX Security Symposium (USENIX Security 14) (Aug. 2014), USENIX Association.
14. DEAN, J., GROVE, D., AND CHAMBERS, C. Optimization of Object-Oriented Programs Using Static Class Hierarchy Analysis. In Proceedings of the 9th European Conference on Object-Oriented Programming (1995), ECOOP '95, pp. 77-101.
15. DEUTSCH, L. P., AND SCHIFFMAN, A. M. Efficient Implementation of the Smalltalk-80 System. In Proceedings of the 11th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages (1984), POPL '84, ACM, pp. 297-302.
16. ERLINGSSON, Ú., ABADI, M., VRABLE, M., BUDIU, M., AND NECULA, G. XFI: Software Guards for System Address Spaces. In USENIX Symposium on Operating Systems Design and Implementation (OSDI) (2006), pp. 75-88.
17. FREDKIN, E. Trie Memory. Communications of ACM 3, 9 (Sept. 1960), 490-499.
18. GOKTAS, E., ATHANASOPOULOS, E., BOS, H., AND PORTOKALIDIS, G. Out Of Control: Overcoming Control-Flow Integrity. In Security and Privacy (SP), 2014 IEEE Symposium on (May 2014).
19. HÖLZLE, U., CHAMBERS, C., AND UNGAR, D. Optimizing Dynamically-Typed Object-Oriented Languages with Polymorphic Inline Caches. In ECOOP'91 European Conference on Object-Oriented Programming, P. America, Ed., vol. 512 of Lecture Notes in Computer Science. Springer Berlin Heidelberg, 1991, pp. 21-38.
20. HÖLZLE, U., CHAMBERS, C., AND UNGAR, D. Debugging Optimized Code with Dynamic Deoptimization. In Proceedings of the ACM SIGPLAN 1992 Conference on Programming Language Design and Implementation (1992), PLDI '92, ACM, pp. 32-43.
21. HOMESCU, A., BRUNTHALER, S., LARSEN, P., AND FRANZ, M. Librando: Transparent Code Randomization for Just-In-Time Compilers. In Proceedings of the 2013 ACM SIGSAC conference on Computer & Communications Security (2013), CCS '13, ACM, pp. 993-1004.
22. JANG, D., TATLOCK, Z., AND LERNER, S. SafeDispatch: Securing C++ Virtual Calls from Memory Corruption Attacks. In 20th Annual Network and Distributed System Security Symposium (2014), NDSS '14, The Internet Society.
23. MCCAMANT, S., AND MORRISETT, G. Evaluating SFI for a CISC Architecture. In Proceedings of the 15th Conference on USENIX Security Symposium-Volume 15 (2006), USENIX-SS'06, USENIX Association.
24. MORRISETT, G., TAN, G., TASSAROTTI, J., TRISTAN, J., AND GAN, E. RockSalt: Better, Faster, Stronger SFI for the x86. In Proceedings of the 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation (2012), PLDI '12, ACM, pp. 395-404.
25. NIU, B., AND TAN, G. Monitor Integrity Protection with Space Efficiency and Separate Compilation. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (2013), CCS '13, ACM, pp. 199-210.
26. NIU, B., AND TAN, G. Modular Control-Flow Integrity. In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation (2014), PLDI '14, ACM, pp. 577-587.
27. PEWNY, J., AND HOLZ, T. Control-Flow Restrictor: Compiler-based CFI for iOS. In ACSAC '13: Proceedings of the 2013 Annual Computer Security Applications Conference (2013).
28. SEABORN, M. A dfa-based x86-32 validator for native client. https://github.com/mseaborn/x86-decoder, 2011.
29. SEHR, D., MUTH, R., BIFFLE, C., KHIMENKO, V., PASKO, E., SCHIMPF, K., YEE, B., AND CHEN, B. Adapting Software Fault Isolation to Contemporary CPU Architectures. In 19th Usenix Security Symposium (2010), pp. 1-12.
30. SINTSOV, A. Safari JS JITed Shellcode. http://www.exploit-db.com/exploits/14221/, 2010.
31. TICE, C., ROEDER, T., COLLINGBOURNE, P., CHECKOWAY, S., ERLINGSSON, Ú., LOZANO, L., AND PIKE, G. Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM. In 23rd USENIX Security Symposium (USENIX Security 14) (Aug. 2014), USENIX Association.
32. WAHBE, R., LUCCO, S., ANDERSON, T. E., AND GRAHAM, S. L. Efficient Software-based Fault Isolation. In Proceedings of the Fourteenth ACM Symposium on Operating Systems Principles (1993), SOSP '93, ACM, pp. 203-216.
33. WANG, Z., AND JIANG, X. HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity. In Security and Privacy (SP), 2010 IEEE Symposium on (May 2010), pp. 380-395.
34. WEI, T., WANG, T., DUAN, L., AND LUO, J. INSeRT: Protect Dynamic Code Generation against Spraying. In Information Science and Technology (ICIST), 2011 International Conference on (March 2011), pp. 323-328.
35. WU, R., CHEN, P., MAO, B., AND XIE, L. RIM: A Method to Defend from JIT Spraying Attack. In Availability, Reliability and Security (ARES), 2012 Seventh International Conference on (Aug 2012), pp. 143-148.
36. YEE, B., SEHR, D., DARDYK, G., CHEN, J., MUTH, R., ORMANDY, T., OKASAKA, S., NARULA, N., AND FULLAGAR, N. Native Client: A Sandbox for Portable, Untrusted x86 Native Code. In Security and Privacy, 2009 IEEE Symposium on (May 2009), pp. 79-93.
37. ZHANG, C., WEI, T., CHEN, Z., DUAN, L., SZEKERES, L., MCCAMANT, S., SONG, D., AND ZOU, W. Practical Control Flow Integrity and Randomization for Binary Executables. In Security and Privacy (SP), 2013 IEEE Symposium on (May 2013), pp. 559-573.
38. ZHANG, M., AND SEKAR, R. Control Flow Integrity for COTS Binaries. In Proceedings of the 22Nd USENIX Conference on Security (2013), SEC'13, USENIX Association, pp. 337-352.