Resolving JavaScript Vulnerabilities in the Browser Runtime

The volume of Web based malware on the Internet keeps rising despite huge investments on Web security. JavaScript, the dominant scripting language for Web applications, is the primary channel for most of these attacks. In this paper, we describe research into the design and implementation of new Web...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Proceedings - International Symposium on Software Reliability Engineering S. 57 - 66
Hauptverfasser: Ofuonye, E., Miller, J.
Format: Tagungsbericht
Sprache:Englisch
Veröffentlicht: IEEE 01.11.2008
Schlagworte:
Browser security
Cascading style sheets
HTML
Instruments
Internet
Investments
Java
JavaScript Instrumentation
Monitoring
Protection
Runtime
Security
ISSN:1071-9458
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The volume of Web based malware on the Internet keeps rising despite huge investments on Web security. JavaScript, the dominant scripting language for Web applications, is the primary channel for most of these attacks. In this paper, we describe research into the design and implementation of new Web client protection system based on code instrumentation techniques. This system combines traditional static analysis techniques with a dynamic HTML, CSS and JavaScript code runtime monitoring agent to offer an efficient, easily deployable, policy driven framework for improved user protection. Rewriting and runtime monitoring are based on providing safe equivalents of JavaScript code constructs known to contain in securities and hence exploitable by malicious Web applications. As a demonstration of the practical capabilities of our framework, we also include a case study attack and empirical analysis of some of its various aspects across 1000 home pages belonging to the most popular web sites on the Internet.
ISSN:1071-9458
DOI:10.1109/ISSRE.2008.11