A Framework for Automatic Exploit Generation for JIT Compilers

Xiyu Kang; Saumya Debray

doi:10.1145/3465413.3488573

A Framework for Automatic Exploit Generation for JIT Compilers

Xiyu Kang, Saumya Debray

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Scopus citations

Abstract

This paper proposes a framework for automatic exploit generation in JIT compilers, focusing in particular on heap corruption vulnerabilities triggered by dynamic code, i.e., code generated at runtime by the JIT compiler. The purpose is to help assess the severity of vulnerabilities and thereby assist with vulnerability triage. The framework consists of two components: the first extracts high-level representations of exploitation primitives from existing exploits, and the second uses the primitives so extracted to construct exploits for new bugs. We are currently building a prototype implementation of the framework focusing on JavaScript JIT compilers. To the best of our knowledge, this is the first proposal to consider automatic exploit generation for code generated dynamically by JIT compilers.

Original language	English (US)
Title of host publication	CheckMate 2021 - Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, co-located with CCS 2021
Publisher	Association for Computing Machinery, Inc
Pages	11-19
Number of pages	9
ISBN (Electronic)	9781450385527
DOIs	https://doi.org/10.1145/3465413.3488573
State	Published - Nov 19 2021
Event	2021 Workshop on Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, CheckMate 2021 - Virtual, Online, Korea, Republic of Duration: Nov 19 2021 → …

Publication series

Name	CheckMate 2021 - Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, co-located with CCS 2021

Conference

Conference	2021 Workshop on Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, CheckMate 2021
Country/Territory	Korea, Republic of
City	Virtual, Online
Period	11/19/21 → …

Keywords

automatic exploit generation
dynamic code
jit compiler in javascript engines

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications
Software

Access to Document

10.1145/3465413.3488573

Cite this

Kang, X., & Debray, S. (2021). A Framework for Automatic Exploit Generation for JIT Compilers. In CheckMate 2021 - Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, co-located with CCS 2021 (pp. 11-19). (CheckMate 2021 - Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, co-located with CCS 2021). Association for Computing Machinery, Inc. https://doi.org/10.1145/3465413.3488573

A Framework for Automatic Exploit Generation for JIT Compilers. / Kang, Xiyu; Debray, Saumya.
CheckMate 2021 - Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, co-located with CCS 2021. Association for Computing Machinery, Inc, 2021. p. 11-19 (CheckMate 2021 - Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, co-located with CCS 2021).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kang, X & Debray, S 2021, A Framework for Automatic Exploit Generation for JIT Compilers. in CheckMate 2021 - Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, co-located with CCS 2021. CheckMate 2021 - Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, co-located with CCS 2021, Association for Computing Machinery, Inc, pp. 11-19, 2021 Workshop on Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, CheckMate 2021, Virtual, Online, Korea, Republic of, 11/19/21. https://doi.org/10.1145/3465413.3488573

Kang X, Debray S. A Framework for Automatic Exploit Generation for JIT Compilers. In CheckMate 2021 - Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, co-located with CCS 2021. Association for Computing Machinery, Inc. 2021. p. 11-19. (CheckMate 2021 - Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, co-located with CCS 2021). doi: 10.1145/3465413.3488573

Kang, Xiyu ; Debray, Saumya. / A Framework for Automatic Exploit Generation for JIT Compilers. CheckMate 2021 - Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, co-located with CCS 2021. Association for Computing Machinery, Inc, 2021. pp. 11-19 (CheckMate 2021 - Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, co-located with CCS 2021).

@inproceedings{957d35ff0e1141dc973115b9408dbd8c,

title = "A Framework for Automatic Exploit Generation for JIT Compilers",

abstract = "This paper proposes a framework for automatic exploit generation in JIT compilers, focusing in particular on heap corruption vulnerabilities triggered by dynamic code, i.e., code generated at runtime by the JIT compiler. The purpose is to help assess the severity of vulnerabilities and thereby assist with vulnerability triage. The framework consists of two components: the first extracts high-level representations of exploitation primitives from existing exploits, and the second uses the primitives so extracted to construct exploits for new bugs. We are currently building a prototype implementation of the framework focusing on JavaScript JIT compilers. To the best of our knowledge, this is the first proposal to consider automatic exploit generation for code generated dynamically by JIT compilers.",

keywords = "automatic exploit generation, dynamic code, jit compiler in javascript engines",

author = "Xiyu Kang and Saumya Debray",

note = "Publisher Copyright: {\textcopyright} 2021 Owner/Author.; 2021 Workshop on Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, CheckMate 2021 ; Conference date: 19-11-2021",

year = "2021",

month = nov,

day = "19",

doi = "10.1145/3465413.3488573",

language = "English (US)",

series = "CheckMate 2021 - Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, co-located with CCS 2021",

publisher = "Association for Computing Machinery, Inc",

pages = "11--19",

booktitle = "CheckMate 2021 - Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, co-located with CCS 2021",

}

TY - GEN

T1 - A Framework for Automatic Exploit Generation for JIT Compilers

AU - Kang, Xiyu

AU - Debray, Saumya

PY - 2021/11/19

Y1 - 2021/11/19

N2 - This paper proposes a framework for automatic exploit generation in JIT compilers, focusing in particular on heap corruption vulnerabilities triggered by dynamic code, i.e., code generated at runtime by the JIT compiler. The purpose is to help assess the severity of vulnerabilities and thereby assist with vulnerability triage. The framework consists of two components: the first extracts high-level representations of exploitation primitives from existing exploits, and the second uses the primitives so extracted to construct exploits for new bugs. We are currently building a prototype implementation of the framework focusing on JavaScript JIT compilers. To the best of our knowledge, this is the first proposal to consider automatic exploit generation for code generated dynamically by JIT compilers.

AB - This paper proposes a framework for automatic exploit generation in JIT compilers, focusing in particular on heap corruption vulnerabilities triggered by dynamic code, i.e., code generated at runtime by the JIT compiler. The purpose is to help assess the severity of vulnerabilities and thereby assist with vulnerability triage. The framework consists of two components: the first extracts high-level representations of exploitation primitives from existing exploits, and the second uses the primitives so extracted to construct exploits for new bugs. We are currently building a prototype implementation of the framework focusing on JavaScript JIT compilers. To the best of our knowledge, this is the first proposal to consider automatic exploit generation for code generated dynamically by JIT compilers.

KW - automatic exploit generation

KW - dynamic code

KW - jit compiler in javascript engines

UR - http://www.scopus.com/inward/record.url?scp=85121149264&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85121149264&partnerID=8YFLogxK

U2 - 10.1145/3465413.3488573

DO - 10.1145/3465413.3488573

M3 - Conference contribution

AN - SCOPUS:85121149264

T3 - CheckMate 2021 - Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, co-located with CCS 2021

SP - 11

EP - 19

BT - CheckMate 2021 - Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, co-located with CCS 2021

PB - Association for Computing Machinery, Inc

T2 - 2021 Workshop on Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, CheckMate 2021

Y2 - 19 November 2021

ER -

A Framework for Automatic Exploit Generation for JIT Compilers

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this