Librando: Transparent Code Randomization For Just-In-Time Compilers

Brief Description

Just-in-time compilation is a method of executing computer code which, while boasting superior execution times, is prone to security exploits. UCI researchers have developed librando, a software framework for increasing security for just-in-time compilers, ensuring that generated program code is not predictable to an attacker.

Suggested uses

• Increasing security for software that generates new code at run-time, especially just-in-time compilers

Advantages

• Increases security through dynamic code randomization
• Software-based approach requires no changes to the compiler and allows smooth integration
• Specifically built for just-in-time compilers, resulting in faster speed than general purpose alternatives

Full Description

Compilers for computer code translate the code, usually from one language that people understand to one that the computer can execute. The code that needs to be executed is usually either completely translated beforehand (ahead of time compilation) or immediately executed without pre-translation (interpretation). Just-in-time compilation combines both and receives some of the benefits and drawback of both. It has the increased execution speed of compilation and flexibility of interpretation. One drawback, which has become a security concern, is the predictability of just-in-time compilers which has made them susceptible to JIT spraying and code reuse attacks.
UCI researchers have developed librando, a binary rewriting library that hardens JIT compilers, and generally any software that generates new code at run-time, against these attacks. Librando supports randomization of code from a just-in-time compiler without requiring any internal changes to the compiler, making it easily and quickly portable to existing systems. The system can be implemented immediately at a performance cost, while developers work to integrate librando into the compiler to boost performance. With the rising use of just-in-time compilers, librando gives defenders a quick and comprehensive response to future attacks. 

State Of Development

Librando was tested on two industrial-strength JIT compilers, both widely used at present.

Patent Status

Related Materials

• Homescu, A.; Brunthaler, S.; Larsen, P.; Franz, M. Librando. Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS 13 2013