research-article

Librando: transparent code randomization for just-in-time compilers

Authors:

Andrei Homescu,

Stefan Brunthaler,

Michael FranzAuthors Info & Claims

CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Pages 993 - 1004

https://doi.org/10.1145/2508859.2516675

Published: 04 November 2013 Publication History

Abstract

Just-in-time compilers (JITs) are here to stay. Unfortunately, they also provide new capabilities to cyber attackers, namely the ability to supply input programs (in languages such as JavaScript) that will then be compiled to executable code. Once this code is placed and marked as executable, it can then be leveraged by the attacker.

Randomization techniques such as constant blinding raise the cost to the attacker, but they significantly add to the burden of implementing a JIT. There are a great many JITs in use today, but not even all of the most commonly used ones randomize their outputs.

We present librando, the first comprehensive technique to harden JIT compilers in a completely generic manner by randomizing their output transparently ex post facto. We implement this approach as a system-wide service that can simultaneously harden multiple running JITs. It hooks into the memory protections of the target OS and randomizes newly generated code on the fly when marked as executable.

In order to provide "black box" JIT hardening, librando needs to be extremely conservative. For example, it completely preserves the contents of the calling stack, presenting each JIT with the illusion that it is executing its own generated code. Yet in spite of the heavy lifting that librando performs behind the scenes, the performance impact is surprisingly low. For Java (HotSpot), we measured slowdowns by a factor of 1.15x, and for compute-intensive JavaScript (V8) benchmarks, a slowdown of 3.5x.

For many applications, this overhead is low enough to be practical for general use today.

References

[1]

J. Ansel, P. Marchenko, U. Erlingsson, E. Taylor, B. Chen, D. L. Schuff, D. Sehr, C. L. Biffle, and B.Yee. Language-independent sandboxing of just-in-time compilation and self-modifying code. In Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 355--366, 2011.

Digital Library

[2]

D. Blazakis. Interpreter exploitation. In Proceedings of the 4th USENIX Workshop on Offensive technologies, WOOT'10, 2010.

Digital Library

[3]

T. Bletsch, X. Jiang, V. Freeh, and Z. Liang. Jump-oriented programming: a new class of code-reuse attack. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS '11, pages 30--40, 2011.

Digital Library

[4]

D. Bruening, T. Garnett, and S. Amarasinghe. An infrastructure for adaptive dynamic optimization. In Proceedings of the 2003 International Symposium on Code Generation and Optimisation, CGO '03, 2003.

Digital Library

[5]

P. Chen, Y. Fang, B. Mao, and L. Xie. JITDefender: A defense against JIT spraying attacks. In Proceedings of the 26th IFIP TC 11 International Information Security Conference, SEC '11, pages 142--153, 2011.

[6]

F. Cohen. Operating system protection through program evolution. Computers and Security, 12(6):565--584, Oct. 1993.

Digital Library

[7]

S. Forrest, A. Somayaji, and D. Ackley. Building diverse computer systems. In Proceedings of the 6th Workshop on Hot Topics in Operating Systems, HotOS '97, pages 67--72, 1997.

Digital Library

[8]

B. Fulgham. The computer language benchmarks game. http://shootout.alioth.debian.org/, 2012.

[9]

C. Giuffrida, A. Kuijsten, and A. S. Tanenbaum. Enhanced operating system security through efficient and fine-grained address space randomization. In Proceedings of the 21st USENIX Security Symposium, pages 475--490, 2012.

Digital Library

[10]

J. Hiser, A. Nguyen-Tuong, M. Co, M. Hall, and J. W. Davidson. ILR: Where'd my gadgets go? In Proceedings ofthe 33rd IEEE Symposium on Security and Privacy, S&P '12, pages 571--585, 2012.

Digital Library

[11]

A. Homescu, S. Neisius, P. Larsen, S. Brunthaler, and M. Franz. Profile-guided automated software diversity. In Proceedings of the 2013 International Symposium on Code Generation and Optimization, CGO '13, 2013.

Digital Library

[12]

R. Hundt, E. Raman, M. Thuresson, and N. Vachharajani. Mao -- an extensible micro-architectural optimizer. In Proceedings of the 9th IEEE/ACM International Symposium on Code Generation and Optimization, CGO '11, pages 1--10, 2011.

Digital Library

[13]

Intel Corporation. Intel 64 and IA-32 Architectures Software Developer's Manual, August 2012.

[14]

T. Jackson, B. Salamat, A. Homescu, K. Manivannan, G. Wagner, A. Gal, S. Brunthaler, C. Wimmer, and M. Franz. Compiler-generated software diversity. In S. Jajodia, A. K. Ghosh, V. Swarup, C. Wang, and X. S. Wang, editors, Moving Target Defense, volume 54 of Advances in Information Security, pages 77--98. Springer New York, 2011.

[15]

V. Kiriansky, D. Bruening, and S. Amarasinghe. Secure execution via program shepherding. In Proceedings of the 11th USENIX Security Symposium, pages 191--206, 2002.

Digital Library

[16]

J. Li, Z. Wang, X. Jiang, M. Grace, and S. Bahram. Defeating return-oriented rootkits with "return-less" kernels. In Proceedings of the 5th European Conference on Computer Systems, EuroSys '10, pages 195--208, 2010.

Digital Library

[17]

C.-K. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. J. Reddi, and K. Hazelwood. Pin: building customized program analysis tools with dynamic instrumentation. In Proceedings of the ACM SIGPLAN 2005 Conference on Programming Language Design and Implementation, PLDI '05, pages 190--200, 2005.

Digital Library

[18]

S. McCamant and G. Morrisett. Evaluating SFI for a CISC architecture. In Proceedings of the 15th USENIX Security Symposium, pages 209--224, 2006.

Digital Library

[19]

N. Nethercote and J. Seward. Valgrind: A program supervision framework. Electronic Notes in Theoretical Computer Science, 2003.

[20]

K. Onarlioglu, L. Bilge, A. Lanzi, D. Balzarotti, and E. Kirda. G-Free: Defeating return-oriented programming through gadget-less binaries. In Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC '10, pages 49--58, 2010.

Digital Library

[21]

R. Pagh and F. F. Rodler. Cuckoo hashing. Journal of Algorithms, 51(2):122--144, 2004.

Digital Library

[22]

V. Pappas, M. Polychronakis, and A. D. Keromytis. Smashing the gadgets: Hindering return-oriented programming using in-place code randomization. In Proceedings of the 33rd IEEE Symposium on Security and Privacy, S&P '12, pages 601--615, 2012.

Digital Library

[23]

M. Payer and T. R. Gross. Fine-grained user-space security through virtualization. In Proceedings of the 2011 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE '11, pages 157--168, 2011.

Digital Library

[24]

C. Rohlf and Y. Ivnitskiy. Attacking clientside JIT compilers. In Black Hat USA, 2011.

[25]

{25K. Scott, N. Kumar, S. Velusamy, B. R. Childers, J. W. Davidson, and M. L. Soffa. Retargetable and reconfigurable software dynamic translation. In Proceedings of the 2003 International Symposium on Code Generation and Optimisation, CGO '03, 2003.

Digital Library

[26]

H. Shacham. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS '07, pages 552--561, 2007.

Digital Library

[27]

H. Shacham, M. Page, B. Pfaff, E. Goh, N. Modadugu, and D. Boneh. On the effectiveness of address-space randomization. In Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS '04, pages 298--307, 2004.

Digital Library

[28]

L. Tang, J. Mars, and M. L. Soffa. Compiling for niceness: mitigating contention for QoS in warehouse scale computers. In Proceedings of the 10th IEEE/ACM International Symposium on Code Generation and Optimization, CGO '12, pages 1--12, 2012.

Digital Library

[29]

R. Wartell, V. Mohan, K. W. Hamlen, and Z. Lin. Binary stirring: Self-randomizing instruction addresses of legacy x86 binary code. In Proceedings of the 19th ACM Conference on Computer and Communications Security, CCS '12, pages 157--168, 2012.

Digital Library

[30]

T. Wei, T. Wang, L. Duan, and J. Luo. INSeRT: Protect dynamic code generation against spraying. In Proceedings of the 2011 International Conference on Information Science and Technology, ICIST '11, pages 323--328, 2011.

[31]

B. Yee, D. Sehr, G. Dardyk, J. B. Chen, R. Muth, T. Ormandy, S. Okasaka, N. Narula, and N. Fullagar. Native client: A sandbox for portable, untrusted x86 native code. In Proceedings of the 30th IEEE Symposium on Security and Privacy, S&P '09, pages 79--93, 2009.

Digital Library

Cited By

Jiang ZChen YGong XZhang JWang WYew P(2023)JiuJITsu: Removing Gadgets with Safe Register Allocation for JIT Code GenerationACM Transactions on Architecture and Code Optimization10.1145/3631526Online publication date: 3-Nov-2023
https://dl.acm.org/doi/10.1145/3631526
Bauman EDuan JHamlen KLin Z(2023)Renewable Just-In-Time Control-Flow IntegrityProceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3607199.3607239(580-594)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3607199.3607239
Berlakovich FBrunthaler SFedorova ANarayanan DDi Luna GQuerzoni L(2023)R2C: AOCR-Resilient Diversity with Reactive and Reflective CamouflageProceedings of the Eighteenth European Conference on Computer Systems10.1145/3552326.3587439(488-504)Online publication date: 8-May-2023
https://dl.acm.org/doi/10.1145/3552326.3587439
Show More Cited By

Index Terms

Librando: transparent code randomization for just-in-time compilers
1. Security and privacy
  1. Systems security
    1. Operating systems security
2. Software and its engineering
  1. Software notations and tools
    1. Compilers
      1. Source code generation

Recommendations

You Can Run but You Can't Read: Preventing Disclosure Exploits in Executable Code
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

Code reuse attacks allow an adversary to impose malicious behavior on an otherwise benign program. To mitigate such attacks, a common approach is to disguise the address or content of code snippets by means of randomization or rewriting, leaving the ...
HideM: Protecting the Contents of Userspace Memory in the Face of Disclosure Vulnerabilities
CODASPY '15: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy

Memory disclosure vulnerabilities have become a common component for enabling reliable exploitation of systems by leaking the contents of executable data. Previous research towards protecting executable data from disclosure has failed to gain popularity ...
Pycket: a tracing JIT for a functional language
ICFP '15

We present Pycket, a high-performance tracing JIT compiler for Racket. Pycket supports a wide variety of the sophisticated features in Racket such as contracts, continuations, classes, structures, dynamic binding, and more. On average, over a standard ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

November 2013

1530 pages

ISBN:9781450324779

DOI:10.1145/2508859

General Chair:
Ahmad-Reza Sadeghi
TU Darmstadt, CASED, Intel ICRI-SC, Germany
,
Program Chairs:
Virgil Gligor
Carnegie Mellon University, USA
,
Moti Yung
Columbia University, USA

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 November 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'13

Sponsor:

SIGSAC

CCS'13: 2013 ACM SIGSAC Conference on Computer and Communications Security

November 4 - 8, 2013

Berlin, Germany

Acceptance Rates

CCS '13 Paper Acceptance Rate 105 of 530 submissions, 20%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

55
Total Citations
View Citations
730
Total Downloads

Downloads (Last 12 months)10
Downloads (Last 6 weeks)0

Reflects downloads up to 16 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Jiang ZChen YGong XZhang JWang WYew P(2023)JiuJITsu: Removing Gadgets with Safe Register Allocation for JIT Code GenerationACM Transactions on Architecture and Code Optimization10.1145/3631526Online publication date: 3-Nov-2023
https://dl.acm.org/doi/10.1145/3631526
Bauman EDuan JHamlen KLin Z(2023)Renewable Just-In-Time Control-Flow IntegrityProceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3607199.3607239(580-594)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3607199.3607239
Berlakovich FBrunthaler SFedorova ANarayanan DDi Luna GQuerzoni L(2023)R2C: AOCR-Resilient Diversity with Reactive and Reflective CamouflageProceedings of the Eighteenth European Conference on Computer Systems10.1145/3552326.3587439(488-504)Online publication date: 8-May-2023
https://dl.acm.org/doi/10.1145/3552326.3587439
Hartley TZakkak FNisbet AKotselidis CLuján M(2022)Just-In-Time Compilation on ARM—A Closer Look at Call-Site Code ConsistencyACM Transactions on Architecture and Code Optimization10.1145/354656819:4(1-23)Online publication date: 16-Sep-2022
https://dl.acm.org/doi/10.1145/3546568
Berlakovich FNeugschwandtner MBarany GLindorfer MPolakis J(2022)Look Ma, no constantsProceedings of the 15th European Workshop on Systems Security10.1145/3517208.3523751(36-42)Online publication date: 5-Apr-2022
https://dl.acm.org/doi/10.1145/3517208.3523751
Kirth PDickerson MCrane SLarsen PDabrowski AGens DNa YVolckaert SFranz MBromberg YKermarrec AKozyrakis C(2022)PKRU-safeProceedings of the Seventeenth European Conference on Computer Systems10.1145/3492321.3519582(132-148)Online publication date: 28-Mar-2022
https://dl.acm.org/doi/10.1145/3492321.3519582
Larsen PFranz MOkhravi HWang C(2020)Adoption Challenges of Code RandomizationProceedings of the 7th ACM Workshop on Moving Target Defense10.1145/3411496.3421226(45-49)Online publication date: 9-Nov-2020
https://dl.acm.org/doi/10.1145/3411496.3421226
Abrath BCoppens BBroeck JWyseur BCabutto AFalcarin PSutter B(2020)Code Renewability for Native Software ProtectionACM Transactions on Privacy and Security10.1145/340489123:4(1-31)Online publication date: 25-Aug-2020
https://dl.acm.org/doi/10.1145/3404891
Wang PZhang JWang SWu D(2020)Quantitative Assessment on the Limitations of Code Randomization for Legacy Binaries2020 IEEE European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP48549.2020.00009(1-16)Online publication date: Sep-2020
https://doi.org/10.1109/EuroSP48549.2020.00009
Vahldiek-Oberwagner AElnikety EDuarte NSammler MDruschel PGarg DHeninger NTraynor P(2019)ERIMProceedings of the 28th USENIX Conference on Security Symposium10.5555/3361338.3361423(1221-1238)Online publication date: 14-Aug-2019
https://dl.acm.org/doi/10.5555/3361338.3361423
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten