BuBBle: A Javascript Engine Level Countermeasure Against Heap-Spraying Attacks

Date Added: Jan 2010
Format: PDF

Web browsers that support a safe language such as JavaScript are becoming a platform of great interest for security attacks. One such attack is a heap-spraying attack: a new kind of attack that combines the heap-based buffer overflow, which is notoriously hard to exploit reliably, with the use of an in-browser scripting language for improved reliability. A typical heap-spraying attack allocates a high number of objects containing the attacker's code on the heap, dramatically increasing the probability that the contents of one of these objects are executed. In this paper, the authors present a lightweight approach that makes heap-spraying attacks in JavaScript significantly harder.