Lobotomy: An Architecture for JIT Spraying Mitigation

Jauernig, Martin; Neugschwandtner, Matthias; Platzer, Christian; Comparetti, Paolo Milani

doi:10.1109/ares.2014.14

Cited by 3 publications

(3 citation statements)

References 9 publications

(14 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…disabled on program memory to prevent the exploitation of buffer overflows attacks. To overcome this issue, JITs typically provide an access to program memory exclusively with write or execute permissions [12,13,24]. In this work, we follow the same approach, but in addition the buffer of the polymorphic instance is protected so that only the legitimate SGPC can write into it.…”

Section: Management Of the Memory Access Permissions On Code Buffersmentioning

confidence: 99%

Automated Software Protection for the Masses Against Side-Channel Attacks

Belleville

Couroussé

Heydemann

et al. 2018

ACM Trans. Archit. Code Optim.

View full text Add to dashboard Cite

We present an approach and a tool to answer the need for effective, generic, and easily applicable protections against side-channel attacks. The protection mechanism is based on code polymorphism, so that the observable behaviour of the protected component is variable and unpredictable to the attacker. Our approach combines lightweight specialized runtime code generation with the optimization capabilities of static compilation. It is extensively configurable. Experimental results show that programs secured by our approach present strong security levels and meet the performance requirements of constrained systems. CCS Concepts: • Security and privacy → Side-channel analysis and countermeasures; Software security engineering; • Software and its engineering → Compilers;

show abstract

Section: Management Of the Memory Access Permissions On Code Buffersmentioning

confidence: 99%

Automated Software Protection for the Masses Against Side-Channel Attacks

Belleville

Couroussé

Heydemann

et al. 2018

ACM Trans. Archit. Code Optim.

View full text Add to dashboard Cite

show abstract

“…Finally, Lobotomy [31] proposes mitigating JIT spraying attacks by applying the principle of least privilege to the Firefox JIT engine: by splitting the compiler and executor modules of the engine, to greatly reduce the amount of code that needs to access writable and executable pages. The main drawbacks of Lobotomy, with respect to our approach, are: 1) its overhead, which is higher than ours, and 2) the need to redesign the JIT engine of the protected process.…”

Section: B Jit Sprayingmentioning

confidence: 99%

Glyph: Efficient ML-Based Detection of Heap Spraying Attacks

Pierazzi

Cristalli

Bruschi

et al. 2021

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Some rights reserved. The terms and conditions for the reuse of this version of the manuscript are specified in the publishing policy. For all terms of use and more information see the publisher's website. This is the final peer-reviewed author's accepted manuscript (postprint) of the following publication:This item was downloaded from IRIS Università di Bologna (https://cris.unibo.it/).When citing, please refer to the published version.

show abstract

“…However, introducing this separation into an existing language runtime requires invasive process rearchitecting as well as runtime overhead in the form of interprocess communication. Lobotomy [16] and SDCG [28] take opposite approaches and allow the untrusted process to handle the RW and RX mappings, respectively. Overhead for these dual mapping defenses is high.…”

Section: B Memory Protectionmentioning

confidence: 99%

A Call to ARMs: Understanding the Costs and Benefits of JIT Spraying Mitigations

Lian

Shacham

Savage

2017

Proceedings 2017 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

JIT spraying allows an attacker to subvert a Just-In-Time compiler, introducing instruction sequences useful to the attacker into executable regions of the victim program's address space as a side effect of compiling seemingly innocuous code in a safe language like JavaScript. We present new JIT spraying attacks against Google's V8 and Mozilla's SpiderMonkey JavaScript engines on ARM. The V8 attack is the first JIT spraying attack not to rely on instruction decoding ambiguity, and the SpiderMonkey attack uses the first ARM payload that executes unintended instructions derived from intended instruction bytes without resynchronizing to the intended instruction stream. We review the JIT spraying defenses proposed in the literature and their currently-deployed implementations and conclude that the current state of JIT spraying mitigation, which prioritizes low performance overhead, leaves many exploitable attacker options unchecked. We perform an empirical evaluation of mitigations with low but non-zero overhead in a unified framework and find that full, robust defense implementations of diversification defenses can effectively mitigate JIT spraying attacks in the literature as well as our new attacks with a combined average overhead of 4.56% on x86-64 and 4.88% on ARM32. Permission to freely reproduce all or part of this paper for noncommercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author's employer if the paper was prepared within the scope of employment.

show abstract

Lobotomy: An Architecture for JIT Spraying Mitigation

Cited by 3 publications

References 9 publications

Automated Software Protection for the Masses Against Side-Channel Attacks

Automated Software Protection for the Masses Against Side-Channel Attacks

Glyph: Efficient ML-Based Detection of Heap Spraying Attacks

A Call to ARMs: Understanding the Costs and Benefits of JIT Spraying Mitigations

Contact Info

Product

Resources

About