JasLoad: Dynamically Analyzing Javascript Bytecode via a Load-Time Instrumentation Approach

Bibliographic Details
Published in: IEEE International Conference on Software Quality, Reliability and Security (Online) pp. 751 - 760
Main Authors: Jiang, Hao, Hua, Baojian
Format: Conference Proceeding
Language: English
Published: IEEE 16.07.2025
ISSN: 2693-9177
Description
Summary: JavaScript is increasingly being deployed as binaries in security-critical embedded domains, such as IoT devices, edge computing, and intelligent vehicle platforms. This widespread adoption highlights the importance of dynamic analysis to ensure the security of JavaScript applications, particularly at the bytecode level. However, existing dynamic analysis techniques often rely on static instrumentation, which significantly increases the executable size. This, in turn, leads to higher memory consumption and performance degradation, issues that are especially problematic in resource-constrained environments. In this paper, we present the first dynamic analysis approach for JavaScript bytecode that leverages load-time instrumentation to address this issue. We begin by designing a custom intermediate representation (IR) for JavaScript bytecode constructed at load time. We then develop a set of low-level hooks that are triggered at key points in the program execution flow. In addition, we introduce a set of flexible APIs to support customized instrumentation and dynamic analyses. We implement a software prototype, JasLoad, and conduct extensive evaluations. Evaluation results demonstrate that our approach significantly enhances the efficiency and effectiveness of dynamic analysis on resource-constrained devices. By combining JasLoad's bytecode loading/unloading with adaptive instrumentation, we reduce runtime overhead by up to 70.53% and decrease code size expansion under full instrumentation from 603.68% to 144.25%, compared to prior JavaScript bytecode analysis methods.
DOI: 10.1109/QRS65678.2025.00078