Article

Resolving JavaScript Vulnerabilities in the Browser Runtime

Authors:

Ejike Ofuonye,

James MillerAuthors Info & Claims

ISSRE '08: Proceedings of the 2008 19th International Symposium on Software Reliability Engineering

Pages 57 - 66

https://doi.org/10.1109/ISSRE.2008.11

Published: 10 November 2008 Publication History

Publisher Site

Abstract

The volume of web based malware on the Internet keeps rising despite huge investments on web security. JavaScript, the dominant scripting language for web applications, is the primary channel for most of these attacks. In this paper, we describe research into the design and implementation of new web client protection system based on code instrumentation techniques. This system combines traditional static analysis techniques with a dynamic HTML, CSS and JavaScript code runtime monitoring agent to offer an efficient, easily deployable, policy driven framework for improved user protection. Rewriting and runtime monitoring are based on providing safe equivalents of JavaScript code constructs known to containin securities and hence exploitable by malicious web applications. As a demonstration of the practical capabilities of our framework, we also include a case study attack and empirical analysis of some of its various aspects across 1000 home pages belonging to the most popular web sites on the Internet.

Cited By

View all

Sun KRyu S(2017)Analysis of JavaScript ProgramsACM Computing Surveys10.1145/310674150:4(1-34)Online publication date: 25-Aug-2017
https://dl.acm.org/doi/10.1145/3106741
Shahriar HZulkernine M(2012)Mitigating program security vulnerabilitiesACM Computing Surveys10.1145/2187671.218767344:3(1-46)Online publication date: 14-Jun-2012
https://dl.acm.org/doi/10.1145/2187671.2187673
Magazinius JPhung PSands D(2010)Safe wrappers and sane policies for self protecting javascriptProceedings of the 15th Nordic conference on Information Security Technology for Applications10.1007/978-3-642-27937-9_17(239-255)Online publication date: 27-Oct-2010
https://dl.acm.org/doi/10.1007/978-3-642-27937-9_17
Show More Cited By

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ISSRE '08: Proceedings of the 2008 19th International Symposium on Software Reliability Engineering

November 2008

326 pages

ISBN:9780769534053

Publisher

IEEE Computer Society

United States

Publication History

Published: 10 November 2008

Author Tag

JavaScript Instrumentation, Browser security

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 19 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Sun KRyu S(2017)Analysis of JavaScript ProgramsACM Computing Surveys10.1145/310674150:4(1-34)Online publication date: 25-Aug-2017
https://dl.acm.org/doi/10.1145/3106741
Shahriar HZulkernine M(2012)Mitigating program security vulnerabilitiesACM Computing Surveys10.1145/2187671.218767344:3(1-46)Online publication date: 14-Jun-2012
https://dl.acm.org/doi/10.1145/2187671.2187673
Magazinius JPhung PSands D(2010)Safe wrappers and sane policies for self protecting javascriptProceedings of the 15th Nordic conference on Information Security Technology for Applications10.1007/978-3-642-27937-9_17(239-255)Online publication date: 27-Oct-2010
https://dl.acm.org/doi/10.1007/978-3-642-27937-9_17
Shahriar HZulkernine M(2009)MUTECProceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems10.1109/IWSESS.2009.5068458(47-53)Online publication date: 19-May-2009
https://dl.acm.org/doi/10.1109/IWSESS.2009.5068458

Cited By

Recommendations

Drupal 6 JavaScript and jQuery

JavaScript: The Definitive Guide

Django JavaScript Integration: AJAX and jQuery