RockJIT: Securing Just-In-Time compilation using modular Control-Flow Integrity

Ben Niu, Gang Tan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

55 Scopus citations

Abstract

Managed languages such as JavaScript are popular. For performance, modern implementations of managed languages adopt Just-In-Time (JIT) compilation. The danger to a JIT compiler is that an attacker can often control the input program and use it to trigger a vulnerability in the JIT compiler to launch code injection or JIT spraying attacks. In this paper, we propose a general approach called RockJIT to securing JIT compilers through Control-Flow Integrity (CFI). RockJIT builds a fine-grained control-flow graph from the source code of the JIT compiler and dynamically updates the control-flow policy when new code is generated on the fly. Through evaluation on Google's V8 JavaScript engine, we demonstrate that RockJIT can enforce strong security on a JIT compiler, while incurring only modest performance overhead (14.6% on V8) and requiring a small amount of changes to V8's code. Key contributions of RockJIT are a general architecture for securing JIT compilers and a method for generating fine-grained control-flow graphs from C++ code. Copyright is held by the owner/author(s).

Original languageEnglish (US)
Title of host publicationProceedings of the ACM Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery
Pages1317-1328
Number of pages12
ISBN (Print)9781450329576
DOIs
StatePublished - Nov 3 2014
Event21st ACM Conference on Computer and Communications Security, CCS 2014 - Scottsdale, United States
Duration: Nov 3 2014Nov 7 2014

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Other

Other21st ACM Conference on Computer and Communications Security, CCS 2014
Country/TerritoryUnited States
CityScottsdale
Period11/3/1411/7/14

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'RockJIT: Securing Just-In-Time compilation using modular Control-Flow Integrity'. Together they form a unique fingerprint.

Cite this