JITSec: Just-in-time Security for Code Injection Attacks

In order to combat code injection attacks, modern operating systems use among others, the Write-XOR-Execute (W⊕X) countermeasure which disallows code execution from writable memory pages. Unfortunately though, a widely used programming technique, namely Just-in-time compilation (JIT), clashes with the use of this countermeasure since its use relies on writable memory where it places dynamically generated code. In order to overcome this problem, programmers that use such techniques, code around the (W⊕X) countermeasure in ways that open up their programs to code injection attacks. In this paper we present JITSec, a new countermeasure specifically geared towards programs that use JIT compilation techniques. By decoupling sensitive from non-sensitive code, we block the execution of the former from writable memory pages while allowing the latter. Our distinction is based on the separation of normal function calls within the processes’ address space from system calls. Our resulting system is fully transparent to the operating system and makes it possible to protect all applications without user intervention or access to source code. The overhead of our prototype is negligible (under 2%), allowing its adoption as an extra line of defense in cases where code execution from writable memory pages is desired.