Browser exploitation is the leading cause of the spread of malware across the web. FIGS. 1A and 1B, for example, show a typical scenario, in the form of a flow diagram (FIG. 1A) and a graphical representation of this flow diagram (FIG. 1B), in which a user computer becomes compromised when its browsing application comes into data communication with an exploit.
Throughout this document, an “exploit” includes software and software tools, such as a chunk of data, code, a code segment, or a sequence of commands, that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or an electronic device (usually computerized). Such behavior frequently includes, for example, gaining control of a computer system, allowing privilege escalation, a denial-of-service attack, or installing malware. Also, throughout this document, “exploits,” “exploited,” “exploitation,” and all other similar terms derived from “exploit” include computer hardware, software or both, which has been subjected to an “exploit.”
In FIG. 1A, at block 10, a user, via the browser 20 in his computer (not shown) (FIG. 1B), directs the browsing application associated with the user computer to a website (e.g., a web page of the website) containing an exploit, by making an HTTP (Hypertext Transfer Protocol) request 22. The computer is, for example, a conventional desktop computer, a laptop computer, a tablet computer, such as an iPad® from Apple, a smart phone, or the like. Browsing applications, or browsers, are, for example, Internet Explorer™ from Microsoft, Chrome™ from Google, and Firefox™ from Mozilla. Directing the browser 20 in this way is commonly known as “surfing.” The HTTP request is received by the computer 24, server or the like, which hosts the website to which the browser 20 has been directed.
The website includes an exploit 26. The website host computer transmits an HTTP response 28 to the browsing application 20 of the user's computer. The exploit then travels over the network in this HTTP response, to the browser 20 (associated with the user's computer).
Once received by the browser 20 of the user computer, the exploit (represented now as 26′) manipulates the memory and triggers various events in the computer, typically events that are not initiated by the user, are unintended, and cause damage to the user's computer, at block 12. As a result of the exploit triggering (activating) in the user's computer, the computer is compromised, at block 14. The user computer is, for example, damaged in both hardware and software components, typically including its memory and storage media.
As a result, endpoint-based exploit mitigation technologies were developed to increase the difficulty of these types of exploitation. While these tools have been proven to work in the field, the endpoint-based technologies are difficult to 1) manage, 2) configure, and 3) deploy, particularly in large organizations, due to their invasive nature. Additionally, these exploit mitigation technologies must be installed on computers as part of a software package. Such software packages must be maintained, installed, managed and updated by system administrators, adding soft costs to the hard cost of the purchase price of the software. Even when installed, the software can be detected by the exploits. Kernel-based vulnerabilities can also evade the software, and there are always compatibility issues with the software itself. Moreover, the user experience is affected because operation of the mitigation software/system affects the operation of the browsing session. Accordingly, the user experience is diminished, or simply ruined, until the danger is mitigated.
Attackers typically attack browser-based memory corruptions by designing exploits which function to organize and manipulate the memory (heap) layout in a specific and predictable way. By “heap” it is meant, throughout this document, a common pool of memory from which memory is allocated dynamically.
This layout manipulation technique is called “Heap Feng Shui,” and there exist libraries, such as HeapLib, that automate the process: V1.0 http://www.phreedom.org/research/heap-feng-shui/; and V2.0 http://blog.ioactive.com/2013/11/heaplib-20.html, for example.
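The following model is an added illustration, not part of the original text and not code from HeapLib or any browser. It shows why a heap layout can be "specific and predictable": a deterministic allocator places the same sequence of allocations and frees at the same offsets on every run. The `ToyHeap` class, the first-fit policy, the pool size and the sample operations are all assumptions chosen for the illustration.

```python
# Added illustration: a toy first-fit heap model (not a real browser allocator).
from typing import Dict, List, Tuple

class ToyHeap:
    """Deterministic first-fit allocator over a fixed pool, with hole coalescing."""

    def __init__(self, size: int) -> None:
        self.free: List[Tuple[int, int]] = [(0, size)]   # (offset, length) holes, sorted
        self.live: Dict[str, Tuple[int, int]] = {}       # name -> (offset, length)

    def alloc(self, name: str, length: int) -> int:
        for i, (off, hole) in enumerate(self.free):
            if hole >= length:                            # first hole that fits wins
                rest = (off + length, hole - length)
                self.free[i:i + 1] = [rest] if rest[1] else []
                self.live[name] = (off, length)
                return off
        raise MemoryError(f"no hole of {length} bytes")

    def release(self, name: str) -> None:
        off, length = self.live.pop(name)
        holes = sorted(self.free + [(off, length)])
        merged: List[Tuple[int, int]] = []
        for o, l in holes:                                # coalesce adjacent holes
            if merged and merged[-1][0] + merged[-1][1] == o:
                merged[-1] = (merged[-1][0], merged[-1][1] + l)
            else:
                merged.append((o, l))
        self.free = merged

def replay(ops: List[Tuple[str, str, int]], size: int = 256) -> Dict[str, int]:
    """Run ('alloc'|'free', name, length) operations; return name -> offset of live blocks."""
    heap = ToyHeap(size)
    for op, name, length in ops:
        if op == "alloc":
            heap.alloc(name, length)
        else:
            heap.release(name)
    return {n: o for n, (o, _) in heap.live.items()}

# Constructed sample sequence: three blocks, free the middle one, allocate again.
SAMPLE_OPS = [("alloc", "a", 32), ("alloc", "b", 32), ("alloc", "c", 32),
              ("free", "b", 0), ("alloc", "d", 32)]

if __name__ == "__main__":
    print(replay(SAMPLE_OPS))
```

In this model the block allocated after the free lands in the hole left by the freed block, and replaying the same operations always gives the same offsets.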