Research On Defense Methods Of Memory Information Leakage Based On JavaScript Engine

Posted on: 2021-10-04
Degree: Master
Type: Thesis
Country: China
Candidate: W Y Chen
Full Text: PDF
GTID: 2568306290494754
Subject: Cyberspace security
Abstract/Summary:
Memory information leakage poses a serious threat to modern computers. An attacker uses the acquired memory information to carry out malicious behavior through code injection or code reuse attacks. To deal with the security threats brought by these attacks, defenses such as address space layout randomization (ASLR) and DEP have been proposed and have played a certain role. However, most of these defenses adapt poorly to protecting dynamically generated code.

With the rapid spread of the Internet, browsers play an increasingly important role in real life. As part of the browser engine, the JavaScript (JS) engine introduces just-in-time (JIT) compilation, which provides a mechanism for dynamically generating executable code. While JIT compilation brings high efficiency to the JS engine, the dynamically generated code lacks effective protection. To this end, this paper analyzes the security threats the JS engine faces under memory information leakage and proposes a JS engine defense scheme based on runtime randomization. The main research work and innovations of this paper are as follows:

1) Aiming at the security threat that memory information leakage poses to the JS engine, and based on the idea of increasing the unpredictability of the JS engine's memory addresses, a method for preventing memory information leakage in the JS engine based on runtime randomization is proposed, which enables the JS engine to defend against memory information leakage attacks.

2) Aiming at the problem of choosing between the two types of executable code in the JS engine for randomization, and based on the idea that code randomization should balance performance and security, a bytecode-based runtime randomization scheme for the JS engine is designed.

3) The choice of trigger conditions for randomization affects how frequently the randomized system randomizes, and has a large impact on its performance overhead. Based on the idea of ensuring the randomization effect while keeping the runtime overhead as small as possible, a risk-based change-before-using (CBU) randomization trigger mechanism is designed, which ensures the effectiveness of the JS engine runtime randomization system with the smallest possible operating overhead. The JS engine is randomized by means of an empty-instruction method.

4) A memory information leakage prevention scheme based on the runtime randomization method is designed and implemented on the V8 engine, and the effectiveness and performance overhead of the method are tested and analyzed through experiments.

The JS engine runtime randomization experimental system developed from the method proposed in this paper effectively defends against memory information leakage, has good running performance, and keeps resource overhead within an acceptable range, reaching the expected design goal.
Keywords/Search Tags: JS Engine Security, V8 Engine, Runtime Rerandomization, Memory Disclosure