JITBULL: Securing JavaScript Runtime with a Go/No-Go Policy for JIT Engine - Système d’Exploitation, systèmes Répartis, de l’Intergiciel à l’Architecture
Conference paper. Year: 2024


Abstract

Nowadays, most services are delivered through the web and therefore rely heavily on JavaScript (JS). To meet the demand for more performance, JS runtimes have integrated Just-In-Time (JIT) compilation engines, which compile frequently called portions of code for faster execution. To produce efficient machine code, the JIT applies complex optimization passes to the code in question. However, inadequate modeling of the side effects of these optimizations can introduce vulnerabilities in certain optimization passes. Such vulnerabilities are discovered regularly and often have a high impact. Once a vulnerability is identified, it is eventually patched, but only after several steps (development, testing, release, user consent), which leaves the system vulnerable for a relatively long period: the vulnerability window. We propose JITBULL, a solution that secures the JIT engines of JS runtimes during the vulnerability window by leveraging a vulnerability's demonstrator codes. To that end, JITBULL extracts the effects of the JIT compiler's optimization passes on these demonstrator codes. For every subsequently JITed code, JITBULL compares the effects of its optimization passes with those observed on the demonstrator codes. If similarities are detected, JITBULL assumes that the currently executing script may be malicious and disables the related optimization passes or, if that is not possible, the whole JIT engine. We implemented JITBULL in Firefox's JS runtime (SpiderMonkey) and tested it against several known vulnerabilities with public demonstrator codes. Our results show that JITBULL consistently safeguards the JIT engine against exploitation by a variant of a known vulnerability. Moreover, JITBULL exhibits a false positive rate of less than 5% on the JS Octane benchmark suite, while causing an acceptable overhead of less than 20%.
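To make the go/no-go policy described in the abstract concrete, the following is an added toy model written for this page; it is not JITBULL's code, and it assumes a representation the paper does not specify: each optimization pass's effect on a script is summarised as a set of feature strings, demonstrator code yields one reference fingerprint per pass, later compilations are compared pass by pass with Jaccard similarity, and passes above a threshold are switched off when the engine allows it, with the whole JIT disabled as the fallback. The pass names, feature strings, traces and threshold are all constructed for illustration.

```python
"""Toy model of a per-pass go/no-go policy for a JIT engine.

Hypothetical model (not JITBULL's implementation): a compilation trace is a
list of (pass_name, feature) pairs, where the feature string summarises what
the pass did or assumed for a given script.  Demonstrator traces are turned
into reference fingerprints; each later compilation is compared per pass.
"""
from dataclasses import dataclass

Trace = list[tuple[str, str]]
Fingerprint = dict[str, frozenset[str]]   # pass_name -> feature set


def fingerprint(trace: Trace) -> Fingerprint:
    """Group a trace into one feature set per optimization pass."""
    grouped: dict[str, set[str]] = {}
    for pass_name, feature in trace:
        grouped.setdefault(pass_name, set()).add(feature)
    return {name: frozenset(feats) for name, feats in grouped.items()}


def jaccard(a: frozenset[str], b: frozenset[str]) -> float:
    """Set similarity in [0, 1]; two empty sets are treated as identical."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


@dataclass(frozen=True)
class Decision:
    disabled_passes: frozenset[str]                  # passes switched off
    jit_disabled: bool                               # fallback: whole engine off
    matched: tuple[tuple[str, str, float], ...]      # (pass, demonstrator, score)


def evaluate(trace: Trace, demonstrators: dict[str, Fingerprint],
             disableable: frozenset[str], threshold: float = 0.6) -> Decision:
    """Compare a new compilation against every demonstrator fingerprint.

    A pass is suspicious if its feature set resembles the same pass's effect
    on any demonstrator.  Suspicious passes are disabled individually when the
    engine supports that; otherwise the policy falls back to disabling the JIT.
    """
    fp = fingerprint(trace)
    matched: list[tuple[str, str, float]] = []
    suspicious: set[str] = set()
    for pass_name, feats in fp.items():
        for demo_name, demo_fp in demonstrators.items():
            if pass_name not in demo_fp:
                continue
            score = jaccard(feats, demo_fp[pass_name])
            if score >= threshold:
                matched.append((pass_name, demo_name, score))
                suspicious.add(pass_name)
    if not suspicious:
        return Decision(frozenset(), False, ())           # go: no similarity
    if suspicious <= disableable:
        return Decision(frozenset(suspicious), False, tuple(matched))
    return Decision(frozenset(), True, tuple(matched))    # no-go for the engine


# Constructed sample traces (feature strings are illustrative, not real
# SpiderMonkey output).  The demonstrator exercises two passes; the variant
# repeats most of their effects with one extra feature and a harmless pass.
DEMONSTRATOR_TRACE: Trace = [
    ("range_analysis", "assume_int32:len"),
    ("range_analysis", "elide_bounds_check:arr[i]"),
    ("bounds_check_elim", "remove:arr[i]"),
    ("bounds_check_elim", "hoist:arr_length"),
]
BENIGN_TRACE: Trace = [
    ("inlining", "inline:hot_fn"),
    ("range_analysis", "assume_int32:counter"),
    ("gvn", "cse:x+y"),
]
VARIANT_TRACE: Trace = [
    ("range_analysis", "assume_int32:len"),
    ("range_analysis", "elide_bounds_check:arr[i]"),
    ("range_analysis", "assume_int32:k"),
    ("bounds_check_elim", "remove:arr[i]"),
    ("bounds_check_elim", "hoist:arr_length"),
    ("gvn", "cse:x+y"),
]
DEMONSTRATORS: dict[str, Fingerprint] = {"demo-A": fingerprint(DEMONSTRATOR_TRACE)}
DISABLEABLE = frozenset({"range_analysis", "bounds_check_elim"})


if __name__ == "__main__":
    print("benign :", evaluate(BENIGN_TRACE, DEMONSTRATORS, DISABLEABLE))
    print("variant:", evaluate(VARIANT_TRACE, DEMONSTRATORS, DISABLEABLE))
    # Same variant, but only one of the two flagged passes can be switched off.
    print("fallback:", evaluate(VARIANT_TRACE, DEMONSTRATORS,
                                frozenset({"bounds_check_elim"})))
```

The benign trace shares no per-pass features with the demonstrator and gets a go decision. The variant trace matches `range_analysis` at 2/3 and `bounds_check_elim` at 1.0, so both passes are disabled; when the engine can only disable one of them, the policy falls back to disabling the whole JIT, which mirrors the two-level response the abstract describes. The threshold trades the false-positive rate against coverage of variants, which is the same tension the paper measures on Octane.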
Main file: JITNO.pdf (492.49 KB)
Origin: files produced by the author(s)

Dates and versions

hal-04705924 , version 1 (23-09-2024)


Cite

Jean-Baptiste Decourcelle, Boris Teabe, Daniel Hagimont. JITBULL: Securing JavaScript Runtime with a Go/No-Go Policy for JIT Engine. 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2024), University of Queensland, Australia, Jun 2024, Brisbane, Australia. pp. 156–168, ⟨10.1109/DSN58291.2024.00028⟩. ⟨hal-04705924⟩