JITSec

Just-in-time Security for Code Injection Attacks

Authors

Abstract

In order to combat code injection attacks, modern operating systems use, among other defenses, the Write-XOR-Execute (W⊕X) countermeasure, which disallows code execution from writable memory pages. Unfortunately, a widely used programming technique, Just-in-time compilation (JIT), clashes with this countermeasure, since JIT relies on writable memory pages into which it places dynamically generated code. To overcome this problem, programmers who use such techniques work around the W⊕X countermeasure in ways that open their programs up to code injection attacks. In this paper we present JITSec, a new countermeasure specifically geared towards programs that use JIT compilation techniques. By decoupling sensitive from non-sensitive code, we block the execution of the former from writable memory pages while allowing the latter. Our distinction is based on separating normal function calls within the process's address space from system calls. The resulting system is fully transparent to the operating system and makes it possible to protect all applications without user intervention or access to source code. The overhead of our prototype is negligible (under 2%), allowing its adoption in place of the W⊕X countermeasure in cases where code execution from writable memory pages is desired.

Downloads

Looking for the source code? Download the tarball.

JITSec Wordle

Acknowledgments

This research is partially funded by the Interuniversity Attraction Poles Programme Belgian State, Belgian Science Policy, and by the Research Fund K.U. Leuven.