JavaScript engine memory information leakage defense method and system based on runtime randomization

A memory information, randomization technology, applied in the Internet field, can solve the problem of low security

Pending Publication Date: 2020-10-20
WUHAN UNIV
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] The present invention proposes a JavaScript engine memory information leakage defense method and system based on runtime randomiz

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • JavaScript engine memory information leakage defense method and system based on runtime randomization
  • JavaScript engine memory information leakage defense method and system based on runtime randomization
  • JavaScript engine memory information leakage defense method and system based on runtime randomization

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0044] This embodiment provides a JavaScript engine memory information leakage defense method based on runtime randomization, the method comprising:

[0045] S1: Initialize the runtime randomization system based on the JavaScript engine;

[0046] S2: Monitor risky behaviors that may cause memory information leakage during the running of the JavaScript engine, and trigger runtime randomization system execution if risky behaviors occur;

[0047] S3: When the runtime randomization system is triggered, adjust the size of the space occupied by the empty instruction in the memory to realize the randomization of the JavaScript engine;

[0048] S4: Manage the memory during the operation of the runtime randomization system, and recycle and manage the memory garbage generated by the runtime randomization system during operation.

[0049] Specifically, step S1 is system initialization. Initialize the runtime randomization system based on the JavaScript engine.

[0050]Step S2 is to mo...

Embodiment 2

[0077] Based on the same inventive concept, the second aspect of the present invention provides a JavaScript engine memory information leakage defense system based on runtime randomization, please refer to figure 2 , the system consists of:

[0078] The initialization module 201 is used to initialize the runtime randomization system based on the JavaScript engine;

[0079] The randomization triggering module 202 is used to monitor risky behaviors that may cause memory information leakage during the running of the JavaScript engine, and trigger the runtime randomization system to execute if the risky behaviors occur;

[0080] The randomization operation module 203 is used to adjust the size of the space occupied by the empty instruction in the memory when the runtime randomization system is triggered, so as to realize the randomization of the JavaScript engine;

[0081] The memory management module 204 is configured to manage the memory during the operation of the runtime ran...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a JavaScript engine memory information leakage prevention method and system based on runtime randomization. The method comprises the following steps of step 1), initializing the system, carrying out initialization setting on a JavaScript engine-based runtime randomization system; 2) monitoring a risk behavior causing memory information leakage in a JavaScript engine runningprocess, and triggering a randomized system to execute during running; 3) realizing randomized operation of the JS engine; and 4) managing the memory in the operation process of the randomized systemduring operation, thereby realizing recovery management of memory garbage generated during operation of the randomized system during operation. The method is advantaged in that a security protectionproblem of dynamically generating the code by the JavaScript engine can be solved, and the capacity of the JS engine for coping with attacks based on memory information leakage is effectively improved.

Description

technical field [0001] The invention relates to the technical field of the Internet, in particular to a JavaScript engine memory information leakage defense method and system based on runtime randomization. Background technique [0002] With the rapid popularization of the Internet, browsers are playing an increasingly important role in real life. The JavaScript (JS) engine, as a part of the browser engine, introduces JIT (just-in-time) instant compilation technology. This just-in-time compilation technology provides a mechanism for dynamically generating executable code. While improving the execution efficiency of the JavaScript engine, it also faces the fact that the dynamically generated code lacks effective protection. Attackers use memory leak vulnerabilities to illegally obtain the memory information of the JavaScript engine, and use these memory information to generate malicious behavior through attacks such as code injection or reuse, which poses a great security th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/52G06F21/55G06F9/455
CPCG06F9/45529G06F21/52G06F21/55
Inventor 沈志东陈维英
Owner WUHAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap