BuBBle: A Javascript Engine Level Countermeasure against Heap-Spraying Attacks

Capítulo de livro Acesso aberto Revisado por pares

BuBBle: A Javascript Engine Level Countermeasure against Heap-Spraying Attacks

2010; Springer Science+Business Media; Linguagem: Inglês

10.1007/978-3-642-11747-3_1

ISSN

1611-3349

Autores

Francesco Gadaleta, Yves Younan, Wouter Joosen,

Tópico(s)

Web Application Security Vulnerabilities

Resumo

Web browsers that support a safe language such as Javascript are becoming a platform of great interest for security attacks. One such attack is a heap-spraying attack: a new kind of attack that combines the notoriously hard to reliably exploit heap-based buffer overflow with the use of an in-browser scripting language for improved reliability. A typical heap-spraying attack allocates a high number of objects containing the attacker's code on the heap, dramatically increasing the probability that the contents of one of these objects is executed. In this paper we present a lightweight approach that makes heap-spraying attacks in Javascript significantly harder. Our prototype, which is implemented in Firefox, has a negligible performance and memory overhead while effectively protecting against heap-spraying attacks.

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

BuBBle: A Javascript Engine Level Countermeasure against Heap-Spraying Attacks