Bibliographic Details
| Title: | A client‐server JavaScript code rewriting‐based framework to detect the XSS worms from online social network. |
| Authors: | Gupta, Shashank, Gupta, B.B., Chaudhary, Pooja |
| Source: | Concurrency & Computation: Practice & Experience; 11/10/2019, Vol. 31 Issue 21, pN.PAG-N.PAG, 1p |
| Subject Terms: | JAVASCRIPT programming language, ONLINE social networks, INTERNET privacy, WORMS, WEB-based user interfaces |
| Abstract: | Summary: This article presents a client‐server JavaScript code rewriting‐based framework that protects and preserves the privacy of online users against XSS worms on Online Social Network (OSN). The server‐side generates an estimation graph which is explored for extracting the JavaScript code and shifts such code in a separate file. This shifting is done for completely isolating the untrusted JavaScript code and data. The client‐side performs runtime monitoring of the dynamic JavaScript code to recognize the tainted flow of untrusted JavaScript variables. The context of such dynamic tainted variables is determined, for performing the string analysis to examine whether it may be considered as a vulnerable point or not. Finally, a decoding operation is performed on the obfuscated malicious JavaScript code and the JavaScript code embedded in the parameter values of the HTTP request. If a match is found, then an XSS attack vector is present. Otherwise, it is not. The authors have developed their prototype on the Java development framework and have estimated the malicious script alleviation capability of this proposed work on tested web applications (Humhub, Elgg, WordPress, Joomla, Drupal). [ABSTRACT FROM AUTHOR] |
| | Copyright of Concurrency & Computation: Practice & Experience is the property of Wiley-Blackwell and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) |
| Database: | Complementary Index |