Abstract

A new code-reuse attack, named Just-in-time (JIT) spraying attack, leverages the predictable generated JIT compiled code to launch an attack. It can circumvent the defenses such as data execution prevention and address space layout randomisation built-in in the modern operation system, which were thought the insurmountable barrier so that the attackers cannot construct the traditional code injection attacks. In this study, the authors describe JITSafe, a framework that can be applied to existing JIT-based virtual machines (VMs), in the purpose of preventing the attacker from reusing the JIT compiled code to construct the attack. The authors framework narrows the time window of the JIT compiled code in the executable pages, eliminates the immediate value and obfuscates the JIT compiled code. They demonstrate the effectiveness of JITSafe that it can successfully prevent existing JIT spraying attacks with low performance overhead.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Leakage is prohibited: memory protection extensions protected address space randomization
Fei Yan ... Kai Wang
Tsinghua Science and Technology | VOL. 24
Fei Yan, et. al.Fei Yan ... Kai Wang
01 Oct 2019
JITDefender: A Defense against JIT Spraying Attacks
Ping Chen ... Yi Fang
-
Ping Chen, et. al.Ping Chen ... Yi Fang
01 Jan 2010
Function-Oriented Programming: A New Class of Code Reuse Attack in C Applications
Yingjie Guo ... Liwei Chen
-
Yingjie Guo, et. al.Yingjie Guo ... Liwei Chen
01 May 2018
ReRanz
Zhe Wang ... Xiangyu Zhang
ACM SIGPLAN Notices | VOL. 52
Zhe Wang, et. al.Zhe Wang ... Xiangyu Zhang
08 Apr 2017
View more papers

More From: IET Information Security

Paper Title
Journal
Date
Author
Optimal Joint Defense and Monitoring for Networks Security under Uncertainty: A POMDP-Based Approach
Armita Kazeminajafabadi ... Mahdi Imani
IET Information Security | VOL. 2024
Armita Kazeminajafabadi, et. al.Armita Kazeminajafabadi ... Mahdi Imani
27 May 2024
Automated Differential-Linear Cryptanalysis for AND-RX Ciphers
Wenya Li ... Kai Zhang
IET Information Security | VOL. 2024
Wenya Li, et. al.Wenya Li ... Kai Zhang
21 May 2024
Unveiling the Neutral Difference and Its Automated Search
Guangqiu Lv ... Chenhui Jin
IET Information Security | VOL. 2024
Guangqiu Lv, et. al.Guangqiu Lv ... Chenhui Jin
14 May 2024
Boosting the Transferability of Ensemble Adversarial Attack via Stochastic Average Variance Descent
Lei Zhao ... Bin Pu
IET Information Security | VOL. 2024
Lei Zhao, et. al.Lei Zhao ... Bin Pu
11 May 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.