Paper Info
Title
JSKernel: Fortifying JavaScript against Web Concurrency Attacks via a Kernel-Like Structure
Abstract
As portals to the Internet, web browsers constitute prominent targets for attacks. Existing defenses that redefine web APIs typically capture information related to a single JavaScript function. Thus, they fail to defend against the so-called web concurrency attacks that use multiple interleaved functions to trigger a browser vulnerability. In this paper, we propose JSKernel, the first generic framework that introduces a kernel concept into JavaScript to defend against web concurrency attacks. The JavaScript kernel, inspired from operating system concepts, enforces the execution order of JavaScript events and threads to fortify security. We implement a prototype of JSKernel deployable as add-on extensions to three widely used web browsers, namely Google Chrome, Mozilla Firefox, and Microsoft Edge. These open-source extensions are available at (https://github.com/jskernel2019/jskernel) along with a usability demo at (https://jskernel2019.github.io/). Our evaluation shows the prototype to be robust to web concurrency attacks, fast, and backward compatible with legacy websites.
Year
DOI
Venue
2020
10.1109/DSN48063.2020.00026
2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Keywords
DocType
ISSN
JavaScript,Side channel Attacks,Web Concurrency Attacks
Conference
1530-0889
ISBN
Citations 
PageRank 
978-1-7281-5810-5
0
0.34
References 
Authors
20
2
Name
Order
Citations
PageRank
Zhanhao Chen110.68
Yinzhi Cao229718.73