Paper Info
Title
Resolving JavaScript Vulnerabilities in the Browser Runtime
Abstract
The volume of web based malware on the Internet keeps rising despite huge investments on web security. JavaScript, the dominant scripting language for web applications, is the primary channel for most of these attacks. In this paper, we describe research into the design and implementation of new web client protection system based on code instrumentation techniques. This system combines traditional static analysis techniques with a dynamic HTML, CSS and JavaScript code runtime monitoring agent to offer an efficient, easily deployable, policy driven framework for improved user protection. Rewriting and runtime monitoring are based on providing safe equivalents of JavaScript code constructs known to containin securities and hence exploitable by malicious web applications. As a demonstration of the practical capabilities of our framework, we also include a case study attack and empirical analysis of some of its various aspects across 1000 home pages belonging to the most popular web sites on the Internet.
Year
DOI
Venue
2008
10.1109/ISSRE.2008.11
ISSRE
Keywords
Field
DocType
javascript code runtime monitoring,empirical analysis,javascript code,resolving javascript vulnerabilities,new web client protection,improved user protection,web security,web application,browser runtime,code instrumentation technique,malicious web application,popular web site,static analysis,dynamic html,security,system monitoring,engines,browser security,internet,java,html,scripting language,servers
World Wide Web,Computer science,Unobtrusive JavaScript,Ajax,Cross-site scripting,Web application,Dynamic web page,Client-side scripting,Rich Internet application,Content Security Policy
Conference
Citations 
PageRank 
References 
6
0.55
11
Authors
2
Name
Order
Citations
PageRank
Ejike Ofuonye1232.57
James Miller214116.61