Constant Blinding on GraalVM

Matthias Neugschwandtner, Gergo Barany, Felix Berlakovich

04 April 2022

With the advent of JIT compilers, code-injection attacks have seen a revival in the form of JIT-spraying. JIT-spraying enables an attacker to inject gadgets into executable memory, effectively bypassing W^X and ASLR. In response to JIT-spraying, constant blinding has emerged as a conceptually simple and performance-friendly defense. Unfortunately, a number of increasingly sophisticated attacks have pinpointed the shortcomings of existing constant blinding implementations. In this paper, we present our constant blinding implementation for GraalVM, taking into account the insights from the last decade regarding the security of constant blinding. We discuss important design decisions and tradeoffs as well as the practical implementation issues encountered when implementing constant blinding for GraalVM. We evaluate the performance impact of our implementation with different configurations and demonstrate its effectiveness by fuzzing for unblinded constants.
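To make the defense the abstract refers to concrete, here is an added toy model (not the paper's or GraalVM's code, which blinds constants in the compiler's IR rather than at the byte level): it emits an attacker-influenced 32-bit immediate either directly or XOR-masked with a random per-site key that is undone at run time, and then scans the emitted bytes for the raw constant, the kind of check the authors describe fuzzing for. It assumes only the x86-64 encodings for `mov eax, imm32`, `xor eax, imm32` and `ret`, and the constants are constructed inputs.

```python
import os
import struct

# Minimal x86-64 encodings used by this toy JIT (EAX only), assumed here:
#   B8 imm32  -> mov eax, imm32
#   35 imm32  -> xor eax, imm32
#   C3        -> ret
MOV_EAX, XOR_EAX, RET = 0xB8, 0x35, 0xC3


def emit_load(imm, key=None):
    """Emit code loading imm into EAX; with a key, emit the blinded form."""
    if key is None:
        return bytes([MOV_EAX]) + struct.pack("<I", imm)
    # Only the masked value and the random key reach executable memory;
    # the original immediate is reconstructed by the XOR at run time.
    masked = imm ^ key
    return (bytes([MOV_EAX]) + struct.pack("<I", masked)
            + bytes([XOR_EAX]) + struct.pack("<I", key))


def jit_function(constants, blind=True):
    """Emit a load for each constant with a fresh per-site key, then ret."""
    code = b""
    for imm in constants:
        key = struct.unpack("<I", os.urandom(4))[0] if blind else None
        code += emit_load(imm, key)
    return code + bytes([RET])


def execute(code):
    """Interpret the toy instruction subset and return the final EAX."""
    eax, pc = 0, 0
    while code[pc] != RET:
        op, imm = code[pc], struct.unpack_from("<I", code, pc + 1)[0]
        eax = imm if op == MOV_EAX else eax ^ imm
        pc += 5
    return eax


def find_unblinded(code, constants):
    """Return the constants whose raw little-endian encoding appears in code."""
    return [imm for imm in constants if struct.pack("<I", imm) in code]


if __name__ == "__main__":
    consts = [0x11223344, 0xDEADBEEF, 0xCAFEBABE]   # constructed inputs
    plain, blinded = jit_function(consts, blind=False), jit_function(consts)
    assert execute(plain) == execute(blinded) == consts[-1]  # same semantics
    print("leaked without blinding:", [hex(c) for c in find_unblinded(plain, consts)])
    print("leaked with blinding:   ", [hex(c) for c in find_unblinded(blinded, consts)])
```

The scan is deliberately naive: it only catches a constant encoded verbatim, whereas a key of zero or an unblinded narrower immediate would slip past it, which is why the paper's fuzzing approach matters.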


Venue: 15th European Workshop on Systems Security, https://concordia-h2020.eu/eurosec-2022/

File name: eurosec2022-final4.pdf