JasLoad: Dynamically Analyzing Javascript Bytecode via a Load-Time Instrumentation Approach

Published in: IEEE International Conference on Software Quality, Reliability and Security (Online) pp. 751 - 760
Main authors: Jiang, Hao; Hua, Baojian
Format: Conference paper
Language: English
Published: IEEE 16.07.2025
ISSN:2693-9177
Description
Summary: JavaScript is increasingly being deployed as binaries in security-critical embedded domains, such as IoT devices, edge computing, and intelligent vehicle platforms. This widespread adoption highlights the importance of dynamic analysis to ensure the security of JavaScript applications, particularly at the bytecode level. However, existing dynamic analysis techniques often rely on static instrumentation, which significantly increases the executable size. This, in turn, leads to higher memory consumption and performance degradation, issues that are especially problematic in resource-constrained environments. In this paper, we present the first dynamic analysis approach for JavaScript bytecode that leverages load-time instrumentation to address this issue. We begin by designing a custom intermediate representation (IR) for JavaScript bytecode constructed at load time. We then develop a set of low-level hooks that are triggered at key points in the program execution flow. In addition, we introduce a set of flexible APIs to support customized instrumentation and dynamic analyses. We implement a software prototype, JasLoad, and conduct extensive evaluations. Evaluation results demonstrate that our approach significantly enhances the efficiency and effectiveness of dynamic analysis on resource-constrained devices. By combining JasLoad's bytecode loading/unloading with adaptive instrumentation, we reduce runtime overhead by up to 70.53 % and decrease code size expansion under full instrumentation from 603.68 % to 144.25 %, compared to prior JavaScript bytecode analysis methods.
DOI:10.1109/QRS65678.2025.00078