Issue No. 02 - March/April (2012 vol. 10)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2012.53
Yan Ivnitskiy , Matasano Security
Chris Rohlf , Leaf SR
Any added complexity in a software system will increase the possible program states, introducing a larger attack surface and the possibility of more exploitable flaws. JIT engines, however, alter the environment in which they execute in far more interesting ways, not only through implementation flaws but also by their fundamental operation modes.
Yan Ivnitskiy, Chris Rohlf, "The Security Challenges of Client-Side Just-in-Time Engines", IEEE Security & Privacy, vol. 10, no. , pp. 84-86, March/April 2012, doi:10.1109/MSP.2012.53