Resolving JavaScript Vulnerabilities in the Browser Runtime
The volume of Web based malware on the Internet keeps rising despite huge investments on Web security. JavaScript, the dominant scripting language for Web applications, is the primary channel for most of these attacks. In this paper, we describe research into the design and implementation of new Web...
| Published in: | Proceedings - International Symposium on Software Reliability Engineering, pp. 57 - 66 |
|---|---|
| Main authors: | Ofuonye, E.; Miller, J. |
| Format: | Conference paper |
| Language: | English |
| Publication details: | IEEE, 01.11.2008 |
| Subject: | |
| ISSN: | 1071-9458 |
| Online access: | Get full text |
| Abstract | The volume of Web-based malware on the Internet keeps rising despite huge investments on Web security. JavaScript, the dominant scripting language for Web applications, is the primary channel for most of these attacks. In this paper, we describe research into the design and implementation of a new Web client protection system based on code instrumentation techniques. This system combines traditional static analysis techniques with a dynamic HTML, CSS and JavaScript code runtime monitoring agent to offer an efficient, easily deployable, policy-driven framework for improved user protection. Rewriting and runtime monitoring are based on providing safe equivalents of JavaScript code constructs known to contain insecurities and hence exploitable by malicious Web applications. As a demonstration of the practical capabilities of our framework, we also include a case study attack and empirical analysis of some of its various aspects across 1000 home pages belonging to the most popular web sites on the Internet. |
|---|---|
| Author | Ofuonye, E.; Miller, J. |
| Author_xml | – sequence: 1 givenname: E. surname: Ofuonye fullname: Ofuonye, E. organization: ECE Dept., Univ. of Alberta, Edmonton, AB – sequence: 2 givenname: J. surname: Miller fullname: Miller, J. organization: ECE Dept., Univ. of Alberta, Edmonton, AB |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/ISSRE.2008.11 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE/IET Electronic Library IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISBN | 0769534058 9780769534053 |
| EndPage | 66 |
| ExternalDocumentID | 4700310 |
| Genre | orig-research |
| IEDL.DBID | RIE |
| ISSN | 1071-9458 |
| IngestDate | Wed Aug 27 02:11:10 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| PageCount | 10 |
| ParticipantIDs | ieee_primary_4700310 |
| PublicationCentury | 2000 |
| PublicationDate | 2008-Nov. |
| PublicationDateYYYYMMDD | 2008-11-01 |
| PublicationDate_xml | – month: 11 year: 2008 text: 2008-Nov. |
| PublicationDecade | 2000 |
| PublicationTitle | Proceedings - International Symposium on Software Reliability Engineering |
| PublicationTitleAbbrev | ISSRE |
| PublicationYear | 2008 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssib025037583 ssj0020412 |
| Score | 1.7137895 |
| Snippet | The volume of Web based malware on the Internet keeps rising despite huge investments on Web security. JavaScript, the dominant scripting language for Web... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 57 |
| SubjectTerms | Browser security Cascading style sheets HTML Instruments Internet Investments Java JavaScript Instrumentation Monitoring Protection Runtime Security |
| Title | Resolving JavaScript Vulnerabilities in the Browser Runtime |
| URI | https://ieeexplore.ieee.org/document/4700310 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| linkProvider | IEEE |