Issue No.02 - March/April (2012 vol.10)
Chris Rohlf , Leaf SR
Yan Ivnitskiy , Matasano Security
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2012.53
Any added complexity in a software system will increase the possible program states, introducing a larger attack surface and the possibility of more exploitable flaws. JIT engines, however, alter the environment in which they execute in far more interesting ways, not only through implementation flaws but also by their fundamental operation modes.
Chris Rohlf, Yan Ivnitskiy, "The Security Challenges of Client-Side Just-in-Time Engines", IEEE Security & Privacy, vol.10, no. 2, pp. 84-86, March/April 2012, doi:10.1109/MSP.2012.53