Hunting for DOM-Based XSS vulnerabilities in mobile cloud-based online social network. - Citegraph

Paper Info

Title
Hunting for DOM-Based XSS vulnerabilities in mobile cloud-based online social network.

Abstract
This article presents a runtime Document Object Model (DOM) tree generator and nested context-aware sanitization based framework that alleviates the DOM-based XSS vulnerabilities from the mobile cloud-based OSN. The frameworks executes in dual mode: offline and online. The offline mode captures all the traces of modules of web applications and transformed such traces into static DOM tree for the extraction of benign script nodes. The legitimate script content embedded in such nodes will be marked in the whitelist of scripts. The online mode detects the injection of untrusted script content in the DOM tree generated at runtime. This was done by usually matching the script content embedded in this DOM tree with the whitelist of script code generated at offline mode. Any deviation observed in the script content will be marked as the injection of malicious script content in the dynamically generated DOM tree. This mode also identifies the different context of malicious variables embedded in such scripts and consequently executes the process of nested context-sensitive sanitization on them. The prototype of our mobile cloud-based framework was developed in Java and integrated the functionality of its components on iCanCloud simulator by creating different virtual machines with their proper link-to-link connectivity. The experimental testing and performance evaluation of our work was carried out on the open source OSN websites that are integrated in the virtual cloud servers. Evaluation results revealed that our framework is capable enough to detect the injection of untrusted/malicious script in the dynamically generated DOM tree with very low rate of false positives, false negatives and suffer from acceptable performance overhead.

Year	DOI	Venue
2018	10.1016/j.future.2017.05.038	Future Generation Computer Systems
Keywords	Field	DocType
Mobile cloud computing,Cross-site scripting (XSS) worms,JavaScript code injection attacks,DOM-Based XSS attacks,HTML5,Document Object Model (DOM) tree	Mobile cloud computing,HTML5,Virtual machine,Computer science,Whitelist,Document Object Model,Cross-site scripting,Java,Operating system,Database,Distributed computing,Scripting language	Journal
Volume	ISSN	Citations
79	0167-739X	6
PageRank	References	Authors
0.43	11	3

Authors (3 rows)

Cited by (6 rows)

References (11 rows)

Name	Order	Citations	PageRank
shashank gupta	1	84	8.88
Brij Bhooshan Gupta	2	6	0.43
Pooja Chaudhary	3	27	4.54

1