BuBBle: A Javascript Engine Level Countermeasure against Heap-Spraying Attacks
Author: | Francesco Gadaleta, Yves Younan, Wouter Joosen |
---|---|
Contributors: | Massacci, Fabio; Wallach, Dan; Zannone, Nicola |
Year of publication: | 2010 |
Subject: | |
Source: | Lecture Notes in Computer Science ISBN: 9783642117466 ESSoS |
DOI: | 10.1007/978-3-642-11747-3_1 |
Description: | Web browsers that support a safe language such as Javascript are becoming a platform of great interest for security attacks. One such attack is a heap-spraying attack: a new kind of attack that combines the notoriously hard to reliably exploit heap-based buffer overflow with the use of an in-browser scripting language for improved reliability. A typical heap-spraying attack allocates a high number of objects containing the attacker’s code on the heap, dramatically increasing the probability that the contents of one of these objects is executed. In this paper we present a lightweight approach that makes heap-spraying attacks in Javascript significantly harder. Our prototype, which is implemented in Firefox, has a negligible performance and memory overhead while effectively protecting against heap-spraying attacks. ispartof: pages:1-17 ispartof: ENGINEERING SECURE SOFTWARE AND SYSTEMS, PROCEEDINGS vol:5965 pages:1-17 ispartof: ESSoS location:Pisa date:3 Feb - 4 Feb 2010 status: published |
Database: | OpenAIRE |
External link: |