24c3-2247-en-breaking_a_vm.mkv
- Type:
- Video > Other
- Files:
- 1
- Size:
- 44.78 MiB (46950202 Bytes)
- Uploaded:
- 2007-12-30 00:33 GMT
- By:
- num42
- Seeders:
- 0
- Leechers:
- 0
- Info Hash: 1E6D01274D18540B0775653C005F607E94843781
http://events.ccc.de/congress/2007/Fahrplan/events/2247.en.html Speakers: Roland Lezuo Peter Molnar Just in Time compilers - breaking a VM Practical VM exploiting based on CACAO We will present state of the art JIT compiler design based on CACAO, a GPL licensed multiplatform Java VM. After explaining the basics of code generation, we will focus on "problematic" instructions, and point to possible ways to exploit stuff. A short introduction into just-in-time compiler techniques is given: Why JIT, about compiler invocation, runtime code modification using signals, codegeneration. Then theoretical attack vectors are elaborated: language bugs, intermediate representation quirks and assembler instruction inadequacies. With these considerations in mind the results of a CACAO code review are presented. For each vulnerability possible exploits are discussed and two realized exploits are demonstrated.