DocumentCode :
181988
Title :
Lobotomy: An Architecture for JIT Spraying Mitigation
Author :
Jauernig, Martin ; Neugschwandtner, Matthias ; Platzer, Christian ; Comparetti, Paolo Milani
fYear :
2014
fDate :
8-12 Sept. 2014
Firstpage :
50
Lastpage :
58
Abstract :
JIT spraying has an assured spot in an attacker's toolkit for Web browser exploitation: with JIT spraying, an attacker is able to circumvent even the most sophisticated defense strategies against code injection, including address space layout randomization (ASLR), data execution prevention (DEP) and stack canaries. In this paper, we present Lobotomy, an architecture for building injection-safe JIT engines. Lobotomy is secure by design: it separates the compiler and executor of a JIT engine into different processes that share the memory regions containing the compiled code. This allows us to use least-privilege access rights for both processes, preventing memory regions from being mapped with write and execute rights at the same time. Our proof-of-concept implementation, which modifies the well-known Firefox JIT engine TraceMonkey, shows both the effectiveness and real-world feasibility of our architecture. Additionally, we provide a thorough evaluation of our version compared to an unmodified baseline and competing approaches.
Keywords :
authorisation; online front-ends; program compilers; software architecture; ASLR; DEP; Firefox JIT engine Trace monkey; JIT spraying mitigation; Lobotomy; Web browser exploitation; address space layout randomization; architecture; code injection; compiler; data execution prevention; defense strategies; execute-rights; executor; injection-safe JIT engines; least-privilege access rights; stack canaries; write-rights; Context; Engines; Memory management; Monitoring; Permission; Resource management; Spraying; exploitation; just-in-time compilation; memory corruption;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Availability, Reliability and Security (ARES), 2014 Ninth International Conference on
Conference_Location :
Fribourg
Type :
conf
DOI :
10.1109/ARES.2014.14
Filename :
6980263