NoJITsu: Locking Down JavaScript Engines

Park, Taemin; Dhondt, Karel; Gens, David; Na, Yeoul; Volckaert, Stijn; Franz, Michael

doi:10.14722/ndss.2020.24262

Cited by 8 publications

(3 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, data-only attacks are forcing the JIT compiler to generate malicious code by corrupting the JIT intermediate representation [5] or bytecodes [6], bypassing protections over JIT code and forcing the JIT compiler in generating the payload.…”

Section: Data-onlymentioning

confidence: 99%

“…JITGuard [5] consists of an isolation of the compilation and execution processes of JIT code set up through hardware-based trusted execution environments (namely Intel SGX). NoJITsu [6] locks each critical object in the VM with keys and restricted permissions. Hardware-enforced memory isolation stands out in both cases as the solution that provides the less performance overhead and a way to refine isolation if needed in the future.…”

Section: Defensesmentioning

confidence: 99%

See 1 more Smart Citation

JIT Compiler Security through Low-Cost RISC-V Extension

Ducasse

Cotret

Lagadec

2023

2023 IEEE International Parallel and Distributed Processing Symposium Workshops (IPDPSW)

View full text Add to dashboard Cite

Language Virtual Machines (VM) need to be extremely efficient and hence use complex engines such as a JIT compiler to speed up the usual bytecode interpretation loop. Their usage of low-level and security-critical tasks make them targets of choice. Enforcing low-cost fine-grained memory isolation has been an important research focus as a countermeasure to the most advanced JIT attacks. Memory isolation splits the components of an application with controlled communication and verified access to other resources. We present how custom instructions linked to hardware-enforced domain-checking could protect JIT code and data. We present incremental solutions and their corresponding custom instructions. The generated machine code and extended RISC-V Rocket come at a low-cost both in performance and intrusiveness.

show abstract

Section: Data-onlymentioning

confidence: 99%

Section: Defensesmentioning

confidence: 99%

JIT Compiler Security through Low-Cost RISC-V Extension

Ducasse

Cotret

Lagadec

2023

2023 IEEE International Parallel and Distributed Processing Symposium Workshops (IPDPSW)

View full text Add to dashboard Cite

show abstract

“…Trusted code is then allowed to access both domains, whereas untrusted code can only access the untrusted domain. Furthermore, researchers have used PKU to harden JavaScript engines [59], reinforce other exploit mitigations [17,19,34,45], and provide software abstractions for isolation and sandboxing [58]. PKU can also be used to implement eXecute-Only Memory (XOM).…”

Section: Pku-based Memory Isolation Schemesmentioning

confidence: 99%

You shall not (by)pass!

Voulimeneas

Vinck

Mechelinck

et al. 2022

Proceedings of the Seventeenth European Conference on Computer Systems

Self Cite

View full text Add to dashboard Cite

Memory Protection Keys for Userspace (PKU) is a recent hardware feature that allows programs to assign virtual memory pages to protection domains, and to change domain access permissions using inexpensive, unprivileged instructions. Several in-process memory isolation approaches leverage this feature to prevent untrusted code from accessing sensitive program state and data. Typically, PKU-based isolation schemes need to be used in conjunction with mitigations such as CFI because untrusted code, when compromised, can otherwise bypass the PKU access permissions using unprivileged instructions or operating system APIs.Recently, researchers proposed fully self-contained PKUbased memory isolation schemes that do not rely on other mitigations. These systems use exploit-proof call gates to transfer control between trusted and untrusted code, as well as a sandbox that prevents tampering with the PKU infrastructure from untrusted code.In this paper, we show that these solutions are not complete. We first develop two proof-of-concept attacks against a state-of-the-art PKU-based memory isolation scheme. We then present Cerberus, a PKU-based sandboxing framework that can overcome limitations of existing sandboxes. We apply Cerberus to several memory isolation schemes, and show that it is practical, efficient, and secure.

show abstract