
Nojitsu: Locking Down JavaScript Engines [pdf] - gbrown_
https://people.cs.kuleuven.be/~stijn.volckaert/papers/2020_NDSS_NoJITsu.pdf
======
lioeters
Fresh off the press, this is from Network and Distributed Systems Security
(NDSS) Symposium, Feb 23-26 2020.

From the abstract:

Our paper demonstrates that securing JIT compilation is not sufficient. First,
we present a proof-of-concept data-only attack against a recent version of
Mozilla’s SpiderMonkey JIT in which the attacker only corrupts heap objects to
successfully issue a system call from within bytecode execution at run time.

Second, we design a novel defense, dubbed NOJITSU, to protect complex,
real-world scripting engines from data-only attacks against interpreted code.
The key idea behind our defense is to enable fine-grained memory access control
for individual memory regions based on their roles throughout the JavaScript
lifecycle.

