NoJITsu: Locking Down JavaScript Engines

Channel:
United States All Hacking Cons
Subscribers:
5,970
Published on ● Video Link: https://www.youtube.com/watch?v=11xOyFIw62s


Duration: 31:38
7 views
0

Taemin Park | PhD Student, University of California, Irvine
Date: Wednesday, August 5 | 1:30pm-2:10pm
Format: 40-Minute Briefings
Tracks: Defense, Exploit Development

Data-only attacks against dynamic scripting environments have become common. Web browsers and other modern applications embed scripting engines to support interactive content. The scripting engines optimize performance via just-in-time compilation. Since applications are increasingly hardened against code-reuse attacks, adversaries are looking to achieve code execution or elevate privileges by corrupting sensitive data like the intermediate representation of optimizing JIT compilers. This has inspired numerous defenses for just-in-time compilers.

Our work demonstrates that securing JIT compilation is not sufficient. First, we present a proof-of-concept data-only attack against a recent version of Mozilla's SpiderMonkey JIT in which the attacker only corrupts heap objects to successfully issue a system call from within bytecode execution at run time. Previous work assumed that bytecode execution is safe by construction since interpreters only allow a narrow set of benign instructions and bytecode is always checked for validity before execution. We show that this does not prevent malicious code execution in practice. Second, we design a novel defense, dubbed NOJITSU to protect complex, real-world scripting engines from data-only attacks against interpreted code.

The key idea behind our defense is to enable fine-grained memory access control for individual memory regions based on their roles throughout the JavaScript lifecycle. For this we combine automated analysis, instrumentation, compartmentalization, and Intel's Memory-Protection Keys to secure SpiderMonkey against existing and newly synthesized attacks. We implement and thoroughly test our implementation using a number of real-world scenarios as well as standard benchmarks. We show that NOJITSU successfully thwarts code-reuse as well as data-only attacks against any part of the scripting engine while offering a modest run-time overhead of only 5%.

Black Hat - USA - 2020 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2022-01-09Escaping Virtualized Containers
2022-01-09Experimenting with Real Time Event Feeds
2022-01-09My Cloud is APT's Cloud Investigating and Defending Office 365
2022-01-09Building a Vulnerability Disclosure Program that Works for Election Vendors and Hackers
2022-01-09EtherOops: Exploring Practical Methods to Exploit Ethernet Packet-in-Packet Attacks
2022-01-09Exploiting Kernel Races through Taming Thread Interleaving
2022-01-09Needing the DoH: The Ongoing Encryption and Centralization of DNS
2022-01-09Building Cyber Security Strategies for Emerging Industries in Sub Saharan Africa
2022-01-09FASTCash and INJX Pure How Threat Actors Use Public Standards for Financial Fraud
2022-01-09CloudLeak: DNN Model Extractions from Commercial MLaaS Platforms
2022-01-09NoJITsu: Locking Down JavaScript Engines
2022-01-09Carrying our Insecurities with Us The Risks of Implanted Medical Devices in Secure Spaces
2022-01-09Finding New Bluetooth Low Energy Exploits via Reverse Engineering Multiple Vendors' Firmwares
2022-01-09Compromising the macOS Kernel through Safari by Chaining Six Vulnerabilities
2022-01-09Office Drama on macOS
2022-01-09Fooling Windows through Superfetch
2022-01-09A Decade After Stuxnet's Printer Vulnerability Printing is Still the Stairway to Heaven
2022-01-09Decade of the RATs Custom Chinese Linux Rootkits for Everyone
2022-01-09Hacking Public Opinion
2022-01-09IMP4GT IMPersonation Attacks in 4G NeTworks
2022-01-09A Framework for Evaluating and Patching the Human Factor in Cybersecurity


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
virus
information
hack
online
concept
thief
protection
scam
fraud
malware
identity
criminal
phishing
software
access
safety
theft
system
firewall
communication
business
privacy
binary
account
spy
programmer
program
spyware
hacked
hacking conference
conference
learn
how to
2022
2021
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering
Taemin Park
Exploit Development
Defense