Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ESSOS
2010
Springer
2010
Springer
BuBBle: A Javascript Engine Level Countermeasure against Heap-Spraying Attacks
Web browsers that support a safe language such as Javascript are becoming a platform of great interest for security attacks. One such attack is a heap-spraying attack: a new kind of attack that combines the notoriously hard to reliably exploit heap-based buffer overflow with the use of an in-browser scripting language for improved reliability. A typical heap-spraying attack allocates a high number of objects containing the attacker’s code on the heap, dramatically increasing the probability that the contents of one of these objects is executed. In this paper we present a lightweight approach that makes heap-spraying attacks in Javascript significantly harder. Our prototype, which is implemented in Firefox, has a negligible performance and memory overhead while effectively protecting against heap-spraying attacks.
Real-time TrafficESSOS 2010 | Heap-based Buffer Overflow | Heap-spraying Attacks | Software Engineering | Typical Heap-spraying Attack |
| Added | 09 Jul 2010 |
| Updated | 09 Jul 2010 |
| Type | Conference |
| Year | 2010 |
| Where | ESSOS |
| Authors | Francesco Gadaleta, Yves Younan, Wouter Joosen |
Comments (0)
Researcher Info
|
