UC Irvine

Dynamically-typed languages have improved programming experience in software development, leading to widespread adoption in the modern software ecosystem. As dynamically- typed languages continue to evolve, their implementations inevitably become more complex and error-prone. As a result, many bugs in the language implementations are found every year, and attackers try to exploit them for code-injection or code-reuse attacks. Prior work has attempted to defend against these attacks by using technologies such as data execution prevention (DEP), software diversity, control-flow integrity (CFI), etc. However, interactive scripting environments provide attackers with a unique attack surface, capable of bypassing existing defenses.

In this dissertation, we explore a new attack vector that was thought to be non-exploitable: the bytecode interpreter attack. We propose four attack strategies to compromise the byte- code interpreter itself. We show that our attacks successfully lead to arbitrary code execution in three popular dynamically-typed languages (Python, Lua, and JavaScript). To address this new attack vector, we propose a new comprehensive mitigation for dynamically-typed languages: NoJitsu. NoJITsu protects complex, real-world scripting engines from not only the bytecode corruption but also prior code-injection and reuse attacks. The key idea behind our comprehensive defense is to enable fine-grained memory access control for individual memory regions based on their roles throughout the script engine’s life-cycle. We combine automated analysis, instrumentation, compartmentalization, and Intel’s Memory-Protection Keys (MPK) to secure script engines against existing and newly synthesized attacks. Further, we thoroughly test our implementation using several real-world scenarios as well as standard benchmarks. We show that NoJITsu successfully thwarts code-reuse, code-injection, and bytecode attacks against any part of the scripting engine while offering a modest run-time overhead.