The Security Challenges of Client-Side Just-in-Time Engines

Chris Rohlf; Yan Ivnitskiy

doi:10.1109/MSP.2012.53

Security&Privacy
2012
Issue No. 2 - March/April
Abstract - The Security Challenges of Client-Side Just-in-Time Engines

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Chris Rohlf Articles by Yan Ivnitskiy

The Security Challenges of Client-Side Just-in-Time Engines

March/April 2012 (vol. 10 no. 2)

pp. 84-86

	ASCII Text	x
	Chris Rohlf, Yan Ivnitskiy, "The Security Challenges of Client-Side Just-in-Time Engines," IEEE Security & Privacy, vol. 10, no. 2, pp. 84-86, March/April, 2012.

	BibTex	x
	@article{ 10.1109/MSP.2012.53, author = {Chris Rohlf and Yan Ivnitskiy}, title = {The Security Challenges of Client-Side Just-in-Time Engines}, journal ={IEEE Security & Privacy}, volume = {10}, number = {2}, issn = {1540-7993}, year = {2012}, pages = {84-86}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2012.53}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security & Privacy TI - The Security Challenges of Client-Side Just-in-Time Engines IS - 2 SN - 1540-7993 SP84 EP86 EPD - 84-86 A1 - Chris Rohlf, A1 - Yan Ivnitskiy, PY - 2012 KW - just in time KW - JIT KW - JavaScript KW - JIT compilers KW - JIT engines KW - data execution protection KW - DEP KW - Address Space Layout Randomization KW - ASLR KW - security vulnerabilities KW - memory safety exploits KW - computer security VL - 10 JA - IEEE Security & Privacy ER -

Chris Rohlf, Leaf SR

Yan Ivnitskiy, Matasano Security

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2012.53

Any added complexity in a software system will increase the possible program states, introducing a larger attack surface and the possibility of more exploitable flaws. JIT engines, however, alter the environment in which they execute in far more interesting ways, not only through implementation flaws but also by their fundamental operation modes.

Index Terms:

just in time, JIT, JavaScript, JIT compilers, JIT engines, data execution protection, DEP, Address Space Layout Randomization, ASLR, security vulnerabilities, memory safety exploits, computer security

Citation:

Chris Rohlf, Yan Ivnitskiy, "The Security Challenges of Client-Side Just-in-Time Engines," IEEE Security & Privacy, vol. 10, no. 2, pp. 84-86, March-April 2012, doi:10.1109/MSP.2012.53

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.