An Initial Evaluation of ROP-based JIT-Compilation

  1. P. Bravo
  2. F. Ortin ¹

  ¹ Universidad de Oviedo, Oviedo, Spain. ROR: https://ror.org/006gksa02

Proceedings:
Proceedings of the International Conference on Computer Science and Information Engineering (CSIE 2015)

Publisher: DEStech Publications, INC.

ISBN: 978-1-60595-255-0

Year of publication: 2015

Pages: 144-149

Conference: 2015 2nd International Conference on Communication Technology and Application

Type: Conference contribution

Abstract

Return-oriented programming (ROP) is a security exploit technique that allows an attacker to execute code in the presence of security defenses. By modifying the contents of the runtime stack, the program control flow can be changed to execute specific machine sequences called gadgets. This new way of thinking about program flow may be useful for improving the runtime performance of specific language features such as structural reflection, dynamic code evaluation, and function composition. This article presents an initial evaluation of ROP as a JIT-compilation technique. We compare runtime performance, memory consumption and compilation time of four different back-ends, including ROP, of a simple stack-based virtual machine.

Funding information

This work was partially funded by the Department of Science and Innovation (Spain) under the National Program for Research, Development and Innovation: project TIN2011-25978. We have also received funds from the Principality of Asturias to support the Computational Reflection research group, grant GRUPIN14100.
