RockJIT

Securing Just-In-Time compilation using modular Control-Flow Integrity

Ben Niu, Gang Tan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

36 Citations (Scopus)

Abstract

Managed languages such as JavaScript are popular. For performance, modern implementations of managed languages adopt Just-In-Time (JIT) compilation. The danger to a JIT compiler is that an attacker can often control the input program and use it to trigger a vulnerability in the JIT compiler to launch code injection or JIT spraying attacks. In this paper, we propose a general approach called RockJIT to securing JIT compilers through Control-Flow Integrity (CFI). RockJIT builds a fine-grained control-flow graph from the source code of the JIT compiler and dynamically updates the control-flow policy when new code is generated on the fly. Through evaluation on Google's V8 JavaScript engine, we demonstrate that RockJIT can enforce strong security on a JIT compiler, while incurring only modest performance overhead (14.6% on V8) and requiring a small amount of changes to V8's code. Key contributions of RockJIT are a general architecture for securing JIT compilers and a method for generating fine-grained control-flow graphs from C++ code. Copyright is held by the owner/author(s).

Original language: English (US)
Title of host publication: Proceedings of the ACM Conference on Computer and Communications Security
Publisher: Association for Computing Machinery
Pages: 1317-1328
Number of pages: 12
ISBN (Electronic): 9781450329576, 9781450329576, 9781450331470, 9781450331500, 9781450331517, 9781450331524, 9781450331531, 9781450331548, 9781450331555, 9781450332392
DOIs: https://doi.org/10.1145/2660267.2660281
State: Published - Nov 3 2014
Event: 21st ACM Conference on Computer and Communications Security, CCS 2014 - Scottsdale, United States
Duration: Nov 3 2014 to Nov 7 2014

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Other

Other: 21st ACM Conference on Computer and Communications Security, CCS 2014
Country: United States
City: Scottsdale
Period: 11/3/14 to 11/7/14

Fingerprint

  • Flow control
  • Flow graphs
  • Spraying
  • Engines

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Cite this

Niu, B., & Tan, G. (2014). RockJIT: Securing Just-In-Time compilation using modular Control-Flow Integrity. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 1317-1328). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/2660267.2660281
Niu, Ben ; Tan, Gang. / RockJIT : Securing Just-In-Time compilation using modular Control-Flow Integrity. Proceedings of the ACM Conference on Computer and Communications Security. Association for Computing Machinery, 2014. pp. 1317-1328 (Proceedings of the ACM Conference on Computer and Communications Security).
@inproceedings{9c27cf40a3ed483782fd4b93bed561db,
title = "RockJIT: Securing Just-In-Time compilation using modular Control-Flow Integrity",
abstract = "Managed languages such as JavaScript are popular. For performance, modern implementations of managed languages adopt Just-In-Time (JIT) compilation. The danger to a JIT compiler is that an attacker can often control the input program and use it to trigger a vulnerability in the JIT compiler to launch code injection or JIT spraying attacks. In this paper, we propose a general approach called RockJIT to securing JIT compilers through Control-Flow Integrity (CFI). RockJIT builds a fine-grained control-flow graph from the source code of the JIT compiler and dynamically updates the control-flow policy when new code is generated on the fly. Through evaluation on Google's V8 JavaScript engine, we demonstrate that RockJIT can enforce strong security on a JIT compiler, while incurring only modest performance overhead (14.6{\%} on V8) and requiring a small amount of changes to V8's code. Key contributions of RockJIT are a general architecture for securing JIT compilers and a method for generating fine-grained control-flow graphs from C++ code. Copyright is held by the owner/author(s).",
author = "Ben Niu and Gang Tan",
year = "2014",
month = "11",
day = "3",
doi = "10.1145/2660267.2660281",
language = "English (US)",
series = "Proceedings of the ACM Conference on Computer and Communications Security",
publisher = "Association for Computing Machinery",
pages = "1317--1328",
booktitle = "Proceedings of the ACM Conference on Computer and Communications Security",

}

Niu, B & Tan, G 2014, RockJIT: Securing Just-In-Time compilation using modular Control-Flow Integrity. in Proceedings of the ACM Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery, pp. 1317-1328, 21st ACM Conference on Computer and Communications Security, CCS 2014, Scottsdale, United States, 11/3/14. https://doi.org/10.1145/2660267.2660281

RockJIT : Securing Just-In-Time compilation using modular Control-Flow Integrity. / Niu, Ben; Tan, Gang.

Proceedings of the ACM Conference on Computer and Communications Security. Association for Computing Machinery, 2014. p. 1317-1328 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - RockJIT

T2 - Securing Just-In-Time compilation using modular Control-Flow Integrity

AU - Niu, Ben

AU - Tan, Gang

PY - 2014/11/3

Y1 - 2014/11/3

N2 - Managed languages such as JavaScript are popular. For performance, modern implementations of managed languages adopt Just-In-Time (JIT) compilation. The danger to a JIT compiler is that an attacker can often control the input program and use it to trigger a vulnerability in the JIT compiler to launch code injection or JIT spraying attacks. In this paper, we propose a general approach called RockJIT to securing JIT compilers through Control-Flow Integrity (CFI). RockJIT builds a fine-grained control-flow graph from the source code of the JIT compiler and dynamically updates the control-flow policy when new code is generated on the fly. Through evaluation on Google's V8 JavaScript engine, we demonstrate that RockJIT can enforce strong security on a JIT compiler, while incurring only modest performance overhead (14.6% on V8) and requiring a small amount of changes to V8's code. Key contributions of RockJIT are a general architecture for securing JIT compilers and a method for generating fine-grained control-flow graphs from C++ code. Copyright is held by the owner/author(s).

AB - Managed languages such as JavaScript are popular. For performance, modern implementations of managed languages adopt Just-In-Time (JIT) compilation. The danger to a JIT compiler is that an attacker can often control the input program and use it to trigger a vulnerability in the JIT compiler to launch code injection or JIT spraying attacks. In this paper, we propose a general approach called RockJIT to securing JIT compilers through Control-Flow Integrity (CFI). RockJIT builds a fine-grained control-flow graph from the source code of the JIT compiler and dynamically updates the control-flow policy when new code is generated on the fly. Through evaluation on Google's V8 JavaScript engine, we demonstrate that RockJIT can enforce strong security on a JIT compiler, while incurring only modest performance overhead (14.6% on V8) and requiring a small amount of changes to V8's code. Key contributions of RockJIT are a general architecture for securing JIT compilers and a method for generating fine-grained control-flow graphs from C++ code. Copyright is held by the owner/author(s).

UR - http://www.scopus.com/inward/record.url?scp=84910681910&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84910681910&partnerID=8YFLogxK

U2 - 10.1145/2660267.2660281

DO - 10.1145/2660267.2660281

M3 - Conference contribution

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 1317

EP - 1328

BT - Proceedings of the ACM Conference on Computer and Communications Security

PB - Association for Computing Machinery

ER -

Niu B, Tan G. RockJIT: Securing Just-In-Time compilation using modular Control-Flow Integrity. In Proceedings of the ACM Conference on Computer and Communications Security. Association for Computing Machinery. 2014. p. 1317-1328. (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/2660267.2660281