Welcome to Journal of University of Chinese Academy of Sciences,Today is

›› 2014, Vol. 31 ›› Issue (2): 267-275.DOI: 10.7523/jssn.2095-6134.2014.02.018

• Research Articles • Previous Articles     Next Articles

Ares:a robust protection system for just-in-time engines

ZHU Ruoyu1, ZHANG Yuqing1,2, YAN Jingbo1   

  1. 1. Key Lab of Computer Networks and Information Security of Ministry of Education, Xidian University, Xi'an 710071, China;
    2. National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 100049, China
  • Received:2013-02-01 Revised:2013-05-24 Online:2014-03-15
  • Supported by:

    Supported by National Natural Science Foundation of China(61272481) and National Natural Science Foundation of Beijing(4122089)

Abstract:

JIT(just-in-time) compilation technique improves the efficiency of code execution. In almost all web browsers as well as Java, Perl, Python, Ruby and Flash, JIT is implemented into their already complex code base. However, for high effectiveness, JIT engines allocate memory with RWX (readable, writable, and executable) permissions to predictable offsets, which goes against DEP (data execution prevention) and ASLR (address space layout randomization). We first analyze two existed JIT defense tools and show the defects of them. Based on our analysis, we design and implement an approach named Ares to protect JIT engines from normal JIT-based attack without modifying JIT engines' source code. Experiments show that our approach guarantees the safety of JIT compilation and the overhead is acceptable.

Key words: JIT (just-in-time) compilation engine, ASLR, DEP, defense tools

CLC Number: