A Framework for Automatic Exploit Generation for JIT Compilers

Abstract

This paper proposes a framework for automatic exploit generation in JIT compilers, focusing in particular on heap corruption vulnerabilities triggered by dynamic code, i.e., code generated at runtime by the JIT compiler. The purpose is to help assess the severity of vulnerabilities and thereby assist with vulnerability triage. The framework consists of two components: the first extracts high-level representations of exploitation primitives from existing exploits, and the second uses the primitives so extracted to construct exploits for new bugs. We are currently building a prototype implementation of the framework focusing on JavaScript JIT compilers. To the best of our knowledge, this is the first proposal to consider automatic exploit generation for code generated dynamically by JIT compilers.

Citation (APA)

Kang, X., & Debray, S. (2021). A Framework for Automatic Exploit Generation for JIT Compilers. In CheckMate 2021 - Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, co-located with CCS 2021 (pp. 11–19). Association for Computing Machinery, Inc. https://doi.org/10.1145/3465413.3488573
