JITSafe: a framework against Just-in-time spraying attacks

A new code-reuse attack, named Just-in-time (JIT) spraying attack, leverages the predictable generated JIT compiled code to launch an attack. It can circumvent the defenses such as data execution prevention and address space layout randomisation built-in in the modern operation system, which were thought the insurmountable barrier so that the attackers cannot construct the traditional code injection attacks. In this study, the authors describe JITSafe, a framework that can be applied to existing JIT-based virtual machines (VMs), in the purpose of preventing the attacker from reusing the JIT compiled code to construct the attack. The authors framework narrows the time window of the JIT compiled code in the executable pages, eliminates the immediate value and obfuscates the JIT compiled code. They demonstrate the effectiveness of JITSafe that it can successfully prevent existing JIT spraying attacks with low performance overhead.