Looking for Criminal Intents in JavaScript Obfuscated Code.
| Title: | Looking for Criminal Intents in JavaScript Obfuscated Code. |
|---|---|
| Authors: | Cerutti, Federico (AUTHOR) federico@ceres-c.it; di San Pietro, Daniele Barattieri (AUTHOR); Gringoli, Francesco (AUTHOR); Lamperti, Gianfranco (AUTHOR) |
| Source: | Procedia Computer Science. 2022, Vol. 207, p867-876. 10p. |
| Subjects: | Criminal intent, JavaScript programming language, Flowgraphs, Source code, Chinese corporations, Reverse engineering |
| Abstract: | The majority of websites incorporate JavaScript for client-side execution in a supposedly protected environment. Unfortunately, JavaScript has also proven to be a critical attack vector for both independent and state-sponsored groups of hackers. On the one hand, defenders need to analyze scripts to ensure that no threat is delivered and to respond to potential security incidents. On the other, attackers aim to obfuscate the source code in order to disorient the defenders or even to make code analysis practically impossible. Since code obfuscation may also be adopted by companies for legitimate intellectual-property protection, a dilemma remains on whether a script is harmless or malignant, if not criminal. To help analysts deal with such a dilemma, a methodology is proposed, called JACOB, which is based on five steps, namely: (1) source code parsing, (2) control flow graph recovery, (3) region identification, (4) code structuring, and (5) partial evaluation. These steps implement a sort of decompilation for control flow flattened code, which is progressively transformed into something that is close to the original JavaScript source, thereby making eventual code analysis possible. Most relevantly, JACOB has been successfully applied to uncover unwanted user tracking and fingerprinting in e-commerce websites operated by a well-known Chinese company. [ABSTRACT FROM AUTHOR] |
| Database: | Supplemental Index |
| ISSN: | 18770509 |
| DOI: | 10.1016/j.procs.2022.09.142 |