E-Locus - Institutional Repository of the University of Crete - Implementation and performance evaluation of security defenses in ChakraCore, a state of the art JavaScript engine

Home Implementation and performance evaluation of security defenses in ChakraCore, a state of the art JavaScript engine

Results - Details

[Add to Basket]

Identifier

000413473

Title

Implementation and performance evaluation of security defenses in ChakraCore, a state of the art JavaScript engine

Alternative Title

Υλοποίηση και μέτρηση απόδοσης μηχανισμών ασφαλείας στο ChakraCore, μια σύγχρονη μηχανή JavaScript

Author

Πλέλης, Κωνσταντίνος Α.

Thesis advisor

Μαρκάτος, Ευάγγελος

Reviewer

Ιωαννίδης, Σωτήριος
Σαββίδης, Αντώνιος

Abstract

Software, such as web browsers, document viewers and processors, extend their functionality by running scripts in a virtualized environment. For example, all web browsers support executing JavaScript code. Initially the execution was performed using an interpreter. However, interpreted script execution suffers in performance compared to running native code, therefore most sophisticated engines support Just-in-Time (JIT) compilation of bytecode to native instructions. JIT compilation introduces new code in the running process, which, unless correctly hardened, can pose additional security risks. Hardening JIT code is much more complicated compared to hardening binaries or source code. While binaries and source code are analyzed off-line, and complex algorithms can be of use, JIT code can only be analyzed at runtime. This is important, since JIT compilation happens primarily for faster execution and, thus, such complex algorithms can reduce the performance gain significantly. In this thesis, we apply a set of proposed hardening solutions in a state of the art JavaScript engine, ChakraCore, and we evaluate all defenses in terms of performance. We apply different solutions and in various combinations, and we demonstrate how certain defenses can reduce the performance gain of the JIT engine significantly. Among the defenses we evaluate is Control Flow Guard, a novel Control Flow Integrity security mitigation by Microsoft, available exclusively on Windows 8.1 and Windows 10. Mainly, we focus on extending the existing constant blinding mechanism, as well as introducing blinding of implicit constants, such as those produced in code generated from conditional blocks. The target of the mitigations that are implemented and analyzed is to prevent Return Oriented Programming (ROP) attacks, either by stopping the initialization of the exploit or by raising the bar for the attacker to generate the necessary ROP gadgets.

Language

English

Subject

Attack

Browsers

Defense

Rop

Web

Άμυνα

Ασφάλεια

Διαδίκτυο

Επίθεση