Your browser does not support JavaScript!

access icon free JITSafe: a framework against Just-in-time spraying attacks

A new code-reuse attack, named Just-in-time (JIT) spraying attack, leverages the predictable generated JIT compiled code to launch an attack. It can circumvent the defenses such as data execution prevention and address space layout randomisation built-in in the modern operation system, which were thought the insurmountable barrier so that the attackers cannot construct the traditional code injection attacks. In this study, the authors describe JITSafe, a framework that can be applied to existing JIT-based virtual machines (VMs), in the purpose of preventing the attacker from reusing the JIT compiled code to construct the attack. The authors framework narrows the time window of the JIT compiled code in the executable pages, eliminates the immediate value and obfuscates the JIT compiled code. They demonstrate the effectiveness of JITSafe that it can successfully prevent existing JIT spraying attacks with low performance overhead.


    1. 1)
      • 24. Sotirov, A.: ‘Heap feng shui in javascript,’ 2007. Available at:
    2. 2)
      • 17. SAP GUI 7.10 WebViewer3D ActiveX - JIT-Spray Exploit, Digital Security Research Group, 2010. Available at:
    3. 3)
      • 13. Chen, P., Xiao, H., Shen, X., Yin, X., Mao, B., Xie, L.: ‘Drop: detecting return-oriented programming malicious code’. Proc. Fifth Int. Conf. on Information Systems Security (ICISS), Berlin, Heidelberg, Springer-Verlag, 2009, pp. 163177.
    4. 4)
      • 5. Address Space Layout Randomization in Windows Vista, Microsoft Corporation, 2006. Available at:
    5. 5)
      • 6. Bhatkar, E., Duvarney, D.C., Sekar, R.: ‘Address obfuscation: an efficient approach to combat a broad range of memory error exploits’. Proc. 12th USENIX Security Symp., 2003, pp. 105120.
    6. 6)
      • 21. Cowan, C., Pu, C., Maier, D., et al: ‘Stackguard: automatic adaptive detection and prevention of buffer-overflow attacks’. Proc. Seventh Conf. on USENIX Security Symp. (USENIX), Berkeley, CA, USA, USENIX Association, 1998, pp. 6378.
    7. 7)
      • 1. Data Execution Prevention (DEP) in Windows XP Service Pack 2, Microsoft Corporation, 2006. Available at:
    8. 8)
      • 19. Sintsov, A.: ‘Jit spraying attack on safari,’ 2010. Available at:
    9. 9)
      • 29. Bania, P.: ‘Jit spraying and mitigations,’ CoRRComputing Research Repository (CoRR) abs/1009.1038, 2010. Available at:
    10. 10)
      • 28. Ratanaworabhan, P., Livshits, B., Zorn, B.: ‘Nozzle: a defense against heap-spraying code injection attacks’. Proc. 18th Conf. on USENIX Security Symp. (SSYM), Berkeley, CA, USA, USENIX Association, 2009, pp. 169186.
    11. 11)
      • 27. Libemu: ‘X86 shellcode detection and emulation,’ 2010. Available at:
    12. 12)
      • 26. Egele, M., Wurzinger, P., Kruegel, C., Kirda, E.: ‘Defending browsers against drive-by downloads: mitigating heap-spraying code injection attacks’. Proc. Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), 2009, pp. 88106.
    13. 13)
      • 2. The Pax project, Pax Team, 2004. Available at:
    14. 14)
      • 31. Gadaleta, F., Younan, Y., Joosen, W.: ‘Bubble: a javascript engine level countermeasure against heap-spraying attacks’, in Massacci, F., Wallach, D., Zannone, N. (Ed.): ‘Engineering Secure Software and Systems’ (Springer-Berlin, Heidelberg, 2010), vol. 5965, pp. 117.
    15. 15)
      • 15. V8 JavaScript Engine, Google Inc., 2010. Available at:
    16. 16)
      • 14. The WebKit Open Source Project, Webkit, 2010. Available at:
    17. 17)
      • 7. Blazakis, D.: ‘Interpreter exploitation’. Proc. Fourth USENIX Conf. Offensive Technologies (WOOT), Berkeley, CA, USA, USENIX Association, 2010, pp. 19.
    18. 18)
      • 3. Designer, S.: ‘Getting around non-executable stack (and fix),’ 1997. Available at:
    19. 19)
      • 10. Liebowitz, M.: ‘it spraying’: Hackers find new ways to hi-jack applications,’ 2011. Available at:
    20. 20)
      • 30. Tao, W., Tielei, W., Lei, D., Jing, L.: ‘Secure dynamic code generation against spraying’. Proc. 17th ACM Conf. on Computer and Communications Security (CCS) poster, New York, NY, USA, ACM, 2010, pp. 738740.
    21. 21)
      • 20. Chen, P., Xing, X., Mao, B., Xie, L., Shen, X., Yin, X.: ‘Automatic construction of jump – oriented programming shellcode (on the x86)’. Proc. Sixth ACM Symp. on Information, Computer and Communications Security (ASIACCS), New York, NY, USA, ACM, 2011, pp. 2029.
    22. 22)
      • 22. Etoh, J.: ‘Gcc extension for protecting applications from stack-smashing attacks,’ June 2000. Available at:
    23. 23)
      • 32. De Groef, W., Nikiforakis, N., Younan, Y., Piessens, F.: ‘Jitsec: just-in-time security for code injection attacks’. Benelux Workshop on Information and System Security (WISSEC 2010), November 2010. Available at:
    24. 24)
      • 11. Wikipedia: ‘Heap spraying,’ 2010. Available at:
    25. 25)
      • 8. Sintsov, A.: ‘Writing jit-spray shellcode for fun and profit,’ Digital Security Research Group, Tech. Rep., 2010. Available at:
    26. 26)
      • 25. Ding, Y., Wei, T., Wang, T., Liang, Z., Zou, W.: ‘Heap taichi: exploiting memory allocation granularity in heap-spraying attacks’. Proc. 26th Annual Computer Security Applications Conf. (ACSAC), New York, NY, USA, ACM, 2010, pp. 327336.
    27. 27)
      • 23. Wu, L.-A., Lidar, D.: ‘Quantum malware’, Quantum Inf. Process., 2006, 5, (2), pp. 6981 (doi: 10.1007/s11128-006-0014-5).
    28. 28)
      • 9. Sintsov: ‘Jit-sprary attacks & advanced shellcode,’ Digital Security Research Group, Technical Report, 2010. Available at:
    29. 29)
      • 4. Shacham, H.: ‘The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)’. Proc. 14th ACM Conf. Computer and Communications Security (CCS), New York, NY, USA, ACM, 2007, pp. 552561.
    30. 30)
      • 16. Google Chrome ‘SaveAs’ Function Buffer Overflow Vulnerability, Security Vulnerability Research Team, 2008. Available at:
    31. 31)
      • 18. Oracle Document Capture (EasyMail Objects EMSMTP.DLL 6.0.1) ActiveX Control BOF – JIT-Spray Exploit, Digital Security Research Group, 2010. Available at:
    32. 32)
      • 12. Roemer, R., Buchanan, E., Shacham, H., Savage, S.: ‘Return-oriented programming: Systems, languages, and applications’, ACM Trans. Inf. Syst. Secur. (TISSEC), 2012, 15, (1), pp. 134. Available at: (doi: 10.1145/2133375.2133377).

Related content

This is a required field
Please enter a valid email address