jit: Enhance security by Control-Flow Integrity #311

Open
jserv opened this issue Dec 28, 2023 · 0 comments
Labels
research Study certain topics

Comments

@jserv (Contributor) commented Dec 28, 2023

JIT compilers present unique security challenges due to their complexity and lack of memory safety. These compilers handle untrusted input programs, optimize code, and incorporate components like garbage collectors. Such extensive C/C++ code bases are prone to critical security bugs, evidenced by buffer-overflow vulnerabilities found in engines like Google’s V8 JavaScript engine.

A significant security concern with JIT compilation is the code heap, which is typically writable and executable to allow for online code modification. This is crucial for optimizations like inline caching and on-stack replacement but negates the use of Data Execution Prevention (DEP) on the code heap's memory pages. Consequently, vulnerabilities like heap overflows can be exploited to inject and execute malicious code. Moreover, JIT compilers can be susceptible to a technique called JIT spraying. This involves crafting input programs with specific constants that manipulate the JIT compiler to generate native code containing these constants. Attackers can then redirect control flow to execute these constants as harmful code.

Control-Flow Integrity (CFI) upholds a predetermined Control-Flow Graph (CFG) in a program, particularly for indirect branches like returns, indirect calls, and jumps. It ensures these branches align with the CFG, which is essentially a static approximation of the program’s dynamic flow. Since there can be multiple CFGs for a program, CFI techniques are divided into two categories: coarse-grained and fine-grained.

Fine-grained CFI is more precise, allowing each indirect branch to have its own unique target set, thereby greatly enhancing security. This precision is crucial in limiting an attacker's ability to chain Return-Oriented Programming (ROP) gadgets, making it an effective defense against ROP attacks. Various fine-grained CFI techniques have been explored in security research, offering advanced protection by closely monitoring and validating the control flow of a program. We can apply fine-grained CFI to the JIT compiler and therefore provide stronger security. Software diversification has been used to mitigate JIT spraying attacks.

Reference:

@jserv jserv added the research Study certain topics label Dec 28, 2023
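The two mechanisms the issue body discusses, a code heap that is never writable and executable at the same time, and a fine-grained CFI target set per indirect call site, as an added example in C. This is not the project's own code and not the issue author's; it is a toy written for this page. It assumes Linux mmap/mprotect semantics, an x86-64 host for the executed stub (the run step is skipped on other architectures), and the helper names, call-site numbers and target table are all made up for the illustration.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>

/* ---- W^X code heap (assumed toy layout, not the project's allocator) ---- */
typedef struct {
    uint8_t *base;
    size_t size, used;
} code_heap_t;

/* Map the heap RW only: emitted bytes stay data until the heap is sealed. */
static int heap_open_rw(code_heap_t *h, size_t size)
{
    void *p = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    h->base = p; h->size = size; h->used = 0;
    return 0;
}

/* Bounds-checked append; *off receives the offset of the emitted code. */
static int heap_emit(code_heap_t *h, const uint8_t *code, size_t n, size_t *off)
{
    if (n > h->size - h->used) return -1;
    memcpy(h->base + h->used, code, n);
    *off = h->used; h->used += n;
    return 0;
}

/* Never RWX: drop W before executing, drop X again before patching. */
static int heap_seal_rx(code_heap_t *h) { return mprotect(h->base, h->size, PROT_READ | PROT_EXEC); }
static int heap_reopen_rw(code_heap_t *h) { return mprotect(h->base, h->size, PROT_READ | PROT_WRITE); }

/* Emit, seal, run (x86-64 only), then reopen as an inline-cache patch would.
 * Returns 0 on success, a negative step number for the failing step. */
static int jit_wx_demo(void)
{
    /* Constructed stub: x86-64 encoding of "mov eax, 42 ; ret" */
    static const uint8_t stub[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };
    code_heap_t h;
    size_t off;
    int rc = 0;

    if (heap_open_rw(&h, 4096) != 0) return -1;
    if (heap_emit(&h, stub, sizeof stub, &off) != 0) rc = -2;
    else if (heap_seal_rx(&h) != 0) rc = -3;
#if defined(__x86_64__)
    else {
        int (*fn)(void);
        void *entry = h.base + off;
        memcpy(&fn, &entry, sizeof fn); /* data -> function pointer without a cast */
        rc = (fn() == 42) ? 0 : -4;
    }
#endif
    /* A store into the sealed page would SIGSEGV; patching must go via RW. */
    if (rc == 0 && heap_reopen_rw(&h) != 0) rc = -5;
    munmap(h.base, h.size);
    return rc;
}

/* ---- Fine- vs coarse-grained CFI on indirect calls out of JIT'd code ---- */
typedef int (*helper_fn)(int);
static int helper_add1(int x) { return x + 1; }
static int helper_neg(int x) { return -x; }
static int helper_admin(int x) { return x * 1000; } /* assumed privileged helper */

enum { SITE_ARITH = 0, SITE_ADMIN = 1, NUM_SITES = 2, MAX_TARGETS = 2 };

/* Fine-grained: each indirect call site owns its own target set. */
static const helper_fn site_targets[NUM_SITES][MAX_TARGETS] = {
    [SITE_ARITH] = { helper_add1, helper_neg },
    [SITE_ADMIN] = { helper_admin, NULL },
};

static int cfi_check_fine(int site, helper_fn target)
{
    if (!target || site < 0 || site >= NUM_SITES) return 0;
    for (int i = 0; i < MAX_TARGETS; i++)
        if (site_targets[site][i] == target) return 1;
    return 0;
}

/* Coarse-grained: one set shared by every site, so helper_admin is also a
 * valid target from SITE_ARITH; that slack is what gadget chains rely on. */
static int cfi_check_coarse(helper_fn target)
{
    for (int s = 0; s < NUM_SITES; s++)
        if (cfi_check_fine(s, target)) return 1;
    return 0;
}

/* Indirect-call trampoline: refuse targets outside the site's set
 * (a real JIT would abort here rather than return an error). */
static int guarded_call(int site, helper_fn target, int arg, int *out)
{
    if (!cfi_check_fine(site, target)) return -1;
    *out = target(arg);
    return 0;
}
```

`jit_wx_demo()` returns 0 when the emit, seal, execute and reopen steps all succeed; the point of the RW/RX flip is that the page is never RWX, so a heap overflow that lands in the code heap while it is RX cannot rewrite instructions, and a write that lands while it is RW cannot be executed until the JIT itself seals the page. `cfi_check_coarse()` accepts `helper_admin` from `SITE_ARITH` because it only knows the union of all target sets; `cfi_check_fine()` rejects it, which is the difference in precision the issue describes.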