Just in Time compilers - breaking a VM
- Type
- Audio
- Tags
- Java
- Authors
- Peter Molnar, Roland Lezuo
- Event
- Chaos Communication Congress 24th (24C3) 2007
- Indexed on
- Mar 27, 2013
- URL
- http://dewy.fem.tu-ilmenau.de/CCC/24C3/mp3/24c3-2247-en-breaking_a_vm.mp3
- File name
- 24c3-2247-en-breaking_a_vm.mp3
- File size
- 18.4 MB
- MD5
- 1b044b12c70704f253925d494e1c1d55
- SHA1
- dfdbd28293d5d8f898cb3e3f9ef21679a4cdbcb9
We will present state of the art JIT compiler design based on CACAO, a GPL licensed multiplatform Java VM. After explaining the basics of code generation, we will focus on "problematic" instructions, and point to possible ways to exploit stuff. A short introduction into just-in-time compiler techniques is given: Why JIT, about compiler invocation, runtime code modification using signals, codegeneration. Then theoretical attack vectors are elaborated: language bugs, intermediate representation quirks and assembler instruction inadequacies. With these considerations in mind the results of a CACAO code review are presented. For each vulnerability possible exploits are discussed and two realized exploits are demonstrated.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
