TY - GEN
T1 - RockJIT
T2 - 21st ACM Conference on Computer and Communications Security, CCS 2014
AU - Niu, Ben
AU - Tan, Gang
PY - 2014/11/3
Y1 - 2014/11/3
N2 - Managed languages such as JavaScript are popular. For performance, modern implementations of managed languages adopt Just-In-Time (JIT) compilation. The danger to a JIT compiler is that an attacker can often control the input program and use it to trigger a vulnerability in the JIT compiler to launch code injection or JIT spraying attacks. In this paper, we propose a general approach called RockJIT to securing JIT compilers through Control-Flow Integrity (CFI). RockJIT builds a fine-grained control-flow graph from the source code of the JIT compiler and dynamically updates the control-flow policy when new code is generated on the fly. Through evaluation on Google's V8 JavaScript engine, we demonstrate that RockJIT can enforce strong security on a JIT compiler, while incurring only modest performance overhead (14.6% on V8) and requiring a small number of changes to V8's code. Key contributions of RockJIT are a general architecture for securing JIT compilers and a method for generating fine-grained control-flow graphs from C++ code. Copyright is held by the owner/author(s).
AB - Managed languages such as JavaScript are popular. For performance, modern implementations of managed languages adopt Just-In-Time (JIT) compilation. The danger to a JIT compiler is that an attacker can often control the input program and use it to trigger a vulnerability in the JIT compiler to launch code injection or JIT spraying attacks. In this paper, we propose a general approach called RockJIT to securing JIT compilers through Control-Flow Integrity (CFI). RockJIT builds a fine-grained control-flow graph from the source code of the JIT compiler and dynamically updates the control-flow policy when new code is generated on the fly. Through evaluation on Google's V8 JavaScript engine, we demonstrate that RockJIT can enforce strong security on a JIT compiler, while incurring only modest performance overhead (14.6% on V8) and requiring a small number of changes to V8's code. Key contributions of RockJIT are a general architecture for securing JIT compilers and a method for generating fine-grained control-flow graphs from C++ code. Copyright is held by the owner/author(s).
UR - http://www.scopus.com/inward/record.url?scp=84910681910&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84910681910&partnerID=8YFLogxK
U2 - 10.1145/2660267.2660281
DO - 10.1145/2660267.2660281
M3 - Conference contribution
AN - SCOPUS:84910681910
SN - 9781450329576
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 1317
EP - 1328
BT - Proceedings of the ACM Conference on Computer and Communications Security
PB - Association for Computing Machinery
Y2 - 3 November 2014 through 7 November 2014
ER -