JIT Spraying and Mitigations

A Call to ARMs: Understanding the Costs and Benefits of JIT Spraying Mitigations

JIT spraying allows an attacker to subvert a JustIn-Time compiler, introducing instruction sequences useful to the attacker into executable regions of the victim program’s address space as a side effect of compiling seemingly innocuous code in a safe language like JavaScript. We present new JIT spraying attacks against Google’s V8 and Mozilla’s SpiderMonkey JavaScript engines on ARM. The V8 att...

Too LeJIT to Quit: Extending JIT Spraying to ARM

In the face of widespread DEP and ASLR deployment, JIT spraying brings together the best of code injection and code reuse attacks to defeat both defenses. However, to date, JIT spraying has been an x86-only attack thanks to its reliance on variable-length, unaligned instructions. In this paper, we finally extend JIT spraying to a RISC architecture by introducing a novel technique called gadget ...

Interpreter Exploitation

As remote exploits further dwindle and perimeter defenses become the standard, remote client-side attacks are becoming the standard vector for attackers. Modern operating systems have quelled the explosion of client-side vulnerabilities using mitigation techniques such as data execution prevention (DEP) and address space layout randomization (ASLR). This work illustrates two novel techniques to...

JITDefender: A Defense against JIT Spraying Attacks

JIT spraying is a new code-reuse technique to attack virtual machines based on JIT (Just-in-time) compilation. It has proven to be capable of circumventing the defenses such as data execution prevention (DEP) and address space layout randomization(ASLR), which are effective for preventing the traditional code injection attacks. In this paper, we describe JITDefender, an enhancement of standard ...

Randomization Can't Stop BPF JIT Spray