JITSafe: a framework against Just‐in‐time spraying attacks
2013; Institution of Engineering and Technology; Volume: 7; Issue: 4 Linguagem: Inglês
10.1049/iet-ifs.2012.0142
ISSN1751-8717
Autores Tópico(s)Network Security and Intrusion Detection
ResumoA new code-reuse attack, named Just-in-time (JIT) spraying attack, leverages the predictable generated JIT compiled code to launch an attack. It can circumvent the defenses such as data execution prevention and address space layout randomisation built-in in the modern operation system, which were thought the insurmountable barrier so that the attackers cannot construct the traditional code injection attacks. In this study, the authors describe JITSafe, a framework that can be applied to existing JIT-based virtual machines (VMs), in the purpose of preventing the attacker from reusing the JIT compiled code to construct the attack. The authors framework narrows the time window of the JIT compiled code in the executable pages, eliminates the immediate value and obfuscates the JIT compiled code. They demonstrate the effectiveness of JITSafe that it can successfully prevent existing JIT spraying attacks with low performance overhead.
Referência(s)