• DocumentCode
    1725852
  • Title

    RIM: A Method to Defend from JIT Spraying Attack

  • Author

    Wu, Rui ; Chen, Ping ; Mao, Bing ; Xie, Li

  • Author_Institution
    Dept. of Comput. Sci. & Technol., Nanjing Univ., Nanjing, China
  • fYear
    2012
  • Firstpage
    143
  • Lastpage
    148
  • Abstract
    As a code reuse technique, JIT spraying attack becomes popular on the JITed VM (Virtual Machine) (e.g., Javascript Engine, Flash Engine). Using a bug in web applications, an attacker can reuse the code generated by the JIT (Just-In-Time) compiler, which is used to optimize the performance of web applications. JIT spraying attacks can circumvent DEP and ASLR -- protection mechanisms of modern operating systems. Based on the observation that JIT spraying attack mostly uses the immediate operand of the arithmetic instruction to build a shellcode, we propose RIM, a technique that obfuscates the arithmetic operations in the JITed code and prevents attackers from reusing the native code to construct a malicious code. We implement a prototype on Tamarin flash engine and demonstrate the effectiveness of RIM. Experimental results show that RIM's overhead is very low (less than 1%). And RIM greatly improves the security functionality of JIT compilers.
  • Keywords
    Internet; operating systems (computers); program compilers; program debugging; security of data; virtual machines; ASLR; DEP; JIT compiler; JIT spraying attack; JITed VM; JITed code; RIM; Tamarin flash engine; Web applications; arithmetic instruction operand; bug; code generation; code reuse technique; just-in-time compiler; malicious code; operating system protection mechanisms; shellcode; virtual machine; Engines; Generators; Operating systems; Prototypes; Registers; Security; Spraying; JIT spraying attack; Just-In-Time Compilation; malicious script;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security (ARES), 2012 Seventh International Conference on
  • Conference_Location
    Prague
  • Print_ISBN
    978-1-4673-2244-7
  • Type

    conf

  • DOI
    10.1109/ARES.2012.11
  • Filename
    6329174