Randomization can’t stop BPF JIT spray

Elena Reshetova*, Filippo Bonazzi, N. Asokan

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

1 Citation (Scopus)

Abstract

The Linux kernel Berkeley Packet Filter (BPF) and its Just-In-Time (JIT) compiler are actively used in various pieces of networking equipment where filtering speed is especially important. In 2012, the Linux BPF/JIT compiler was shown to be vulnerable to a JIT spray attack; fixes were quickly merged into the Linux kernel in order to stop the attack. In this paper we show two modifications of the original attack which still succeed on a modern 4.4 Linux kernel, and demonstrate that JIT spray is still a major problem for the Linux BPF/JIT compiler. This work helped to make the case for further and proper countermeasures to the attack, which have then been merged into the 4.7 Linux kernel.

Original languageEnglish
Title of host publicationNetwork and System Security - 11th International Conference, NSS 2017, Proceedings
Pages233-247
Number of pages15
Volume10394 LNCS
DOIs
Publication statusPublished - 2017
MoE publication typeA4 Article in a conference publication
EventInternational Conference on Network and System Security - Helsinki, Helsinki, Finland
Duration: 21 Aug 201723 Aug 2017
Conference number: 11

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10394 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferenceInternational Conference on Network and System Security
Abbreviated titleNSS
CountryFinland
CityHelsinki
Period21/08/201723/08/2017

Keywords

  • Berkeley Packet Filter
  • JIT spray
  • Network security

Fingerprint Dive into the research topics of 'Randomization can’t stop BPF JIT spray'. Together they form a unique fingerprint.

Cite this