JavaScript instrumentation for browser security
Yu et al., 2007 - Google Patents
- Document ID: 10418945031053245688
- Authors: Yu D, Chander A, Islam N, Serikov I
- Publication year: 2007
- Publication venue: ACM SIGPLAN Notices
Snippet
It is well recognized that JavaScript can be exploited to launch browser-based security attacks. We propose to battle such attacks using program instrumentation. Untrusted JavaScript code goes through a rewriting process which identifies relevant operations …
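The snippet above describes the approach only in outline: untrusted JavaScript is rewritten so that the operations a policy cares about are identified and checked at run time. The following is an added example, not the authors' code and not the rewriter or policy language of the paper, that shows the idea end to end under Node.js. A tokenizer-based rewriter routes a fixed set of sinks (`eval`, `document.write`, `window.open` calls and `document.cookie` reads) through a stateful policy object that can allow, rewrite or suppress each operation, refuses constructs it cannot reason about (aliases of the global objects, computed access, template literals, assignment to a sink), and instruments code produced by `eval` at run time so that it cannot escape the policy. The host objects, the policy limits, the helper names (`instrument`, `makePolicy`, `run`, `__policy`) and the untrusted sample program are all constructed for the example.

```javascript
// Added example, not the paper's code: a miniature instrumenter in the spirit of
// the approach above. Untrusted source is rewritten so that each security-relevant
// operation is routed through a stateful policy object before it reaches the host.
// The "browser" objects are constructed stand-ins so this runs under Node, and
// anything outside the small supported subset is refused (fail closed).

const CALL_SINKS = new Set(["eval", "document.write", "window.open"]);
const READ_SINKS = new Set(["document.cookie"]);
// Names that reach a sink by another route (aliasing, constructors, computed
// access). The rewriter refuses them unless they form an exact sink above.
const RESTRICTED = new Set(["eval", "window", "document", "globalThis", "self",
  "top", "parent", "frames", "location", "this", "Function", "setTimeout",
  "setInterval", "with"]);

// Keeps strings and comments whole so text inside them is never rewritten as
// code; template literals can embed code in ${...} and are refused outright.
function tokenize(src) {
  const re = /\/\/[^\n]*|\/\*[\s\S]*?\*\/|"(?:[^"\\\n]|\\.)*"|'(?:[^'\\\n]|\\.)*'|[A-Za-z_$][\w$]*|\s+|[\s\S]/g;
  return src.match(re) || [];
}
const isFiller = (t) => /^\s/.test(t) || t.startsWith("//") || t.startsWith("/*");
const isIdent = (t) => /^[A-Za-z_$]/.test(t || "");

// Source-to-source rewrite: a.b.c chains that name a sink become policy calls.
function instrument(src) {
  const toks = tokenize(src), out = [];
  const skip = (k) => { while (k < toks.length && isFiller(toks[k])) k++; return k; };
  for (let i = 0; i < toks.length; ) {
    const t = toks[i];
    if (t === "`") throw new Error("refused: template literal");
    if (!isIdent(t)) { out.push(t); i++; continue; }
    const chain = [t];
    let j = i + 1;
    for (let d = skip(j); toks[d] === "." && isIdent(toks[skip(d + 1)]); d = skip(j)) {
      chain.push(toks[skip(d + 1)]);
      j = skip(d + 1) + 1;
    }
    const name = chain.join("."), after = skip(j);
    if (CALL_SINKS.has(name) && toks[after] === "(") {
      out.push(`__policy.call(${JSON.stringify(name)})`);      // call goes through the policy
    } else if (READ_SINKS.has(name)) {
      if (toks[after] === "=" && toks[after + 1] !== "=") throw new Error(`refused: assignment to ${name}`);
      out.push(`__policy.read(${JSON.stringify(name)})`);      // read goes through the policy
    } else if (chain.some((id) => RESTRICTED.has(id))) {
      throw new Error(`refused: unsupported use of ${name}`);  // possible alias or escape route
    } else {
      out.push(toks.slice(i, j).join(""));                     // ordinary code passes through
    }
    i = j;
  }
  return out.join("");
}

// The policy is a small edit automaton: it keeps state across operations and can
// allow, rewrite or suppress each one. `log` records every intervention.
function makePolicy(host, limits, log) {
  let popups = 0;
  const policy = {
    call(name) {
      return (...args) => {
        if (name === "eval") {
          // Code generated at run time must be instrumented too, or it escapes the policy.
          return run(String(args[0]), policy);
        }
        if (name === "window.open" && ++popups > limits.maxPopups) {
          log.push(`suppressed popup ${args[0]}`);                          // suppress
          return null;
        }
        if (name === "document.write") {                                    // rewrite
          const html = String(args[0]);
          const clean = html.replace(/<script\b[\s\S]*?<\/script\s*>/gi, "");
          if (clean !== html) log.push("stripped <script> from document.write");
          args = [clean];
        }
        const [obj, method] = name.split(".");
        return host[obj][method](...args);                                   // allow
      };
    },
    read(name) {
      // document.cookie: hide cookies the policy marks as sensitive from untrusted code.
      return host.document.cookie.split("; ")
        .filter((c) => !limits.hiddenCookies.has(c.split("=")[0])).join("; ");
    },
  };
  return policy;
}

function run(src, policy) {
  return new Function("__policy", instrument(src))(policy);
}

// Constructed untrusted program: three popups, a cookie read, an injected
// script, and code produced at run time through eval.
const UNTRUSTED = `
  window.open("https://a.example/");
  window . open("https://b.example/");        // spacing does not evade the rewriter
  var c = document.cookie;                    // "session" is hidden by the policy
  document.write("<b>hi</b><script>alert(1)<\\/script>");
  eval('window.open("https://c.example/")');  // the third popup is suppressed
  return c;
`;

function demo() {
  const log = [];
  const host = {   // constructed stand-ins for the browser objects
    window: { opens: [], open(url) { this.opens.push(url); return { url }; } },
    document: { cookie: "theme=dark; session=abc123", written: [],
                write(html) { this.written.push(html); } },
  };
  const policy = makePolicy(host, { maxPopups: 2, hiddenCookies: new Set(["session"]) }, log);
  const result = run(UNTRUSTED, policy);
  return { result, opens: host.window.opens, written: host.document.written, log };
}

console.log(instrument(UNTRUSTED));
console.log(demo());
```

Run it with `node`. The tokenizer-based rewriter is only a stand-in for a real one: it does not understand regex literals, the full set of global aliases, or scoping, all of which an actual instrumenter must handle with a proper parser, and `new Function` under Node leaves the rest of the runtime reachable. The example therefore demonstrates the rewriting and policy mechanics (identify the operation, route it through a check, keep state across operations, instrument generated code), not a complete sandbox.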
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING; COUNTING
    - G06F—ELECTRICAL DIGITAL DATA PROCESSING
      - G06F8/00—Arrangements for software engineering
      - G06F9/00—Arrangements for programme control, e.g. control unit
        - G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
          - G06F9/44—Arrangements for executing specific programmes
            - G06F9/455—Emulation; Software simulation, i.e. virtualisation or emulation of application or operating system execution engines
      - G06F11/00—Error detection; Error correction; Monitoring
        - G06F11/36—Preventing errors by testing or debugging software
      - G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
        - G06F17/20—Handling natural language data
          - G06F17/21—Text processing
            - G06F17/22—Manipulating or registering by use of codes, e.g. in sequence of text characters
        - G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
          - G06F17/30861—Retrieval from the Internet, e.g. browsers
        - G06F17/50—Computer-aided design
          - G06F17/5009—Computer-aided design using simulation
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
          - G06F21/55—Detecting local intrusion or implementing counter-measures
            - G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
              - G06F21/562—Static detection
                - G06F21/563—Static detection by source code analysis
          - G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
            - G06F21/577—Assessing vulnerabilities and evaluating computer system security
        - G06F21/60—Protecting data
          - G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
      - G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1433—Vulnerability analysis
Similar Documents
Publication | Title
---|---
Yu et al. | JavaScript instrumentation for browser security
EP2035996B1 (en) | Program instrumentation method and apparatus for constraining the behavior of embedded script in documents
Phung et al. | Lightweight self-protecting JavaScript
Guha et al. | Verified security for browser extensions
Bates et al. | Regular expressions considered harmful in client-side XSS filters
Van Gundy et al. | Noncespaces: Using randomization to defeat cross-site scripting attacks
US9058489B2 (en) | Marking documents with executable text for processing by computing systems
Russo et al. | Tracking information flow in dynamic tree structures
US9686288B2 (en) | Method and apparatus for constructing security policies for web content instrumentation against browser-based attacks
Bielova | Survey on JavaScript security policies and their enforcement mechanisms in a web browser
Prokhorenko et al. | Context-oriented web application protection model
Kikuchi et al. | JavaScript instrumentation in practice
Burket et al. | GuardRails: A Data-Centric Web Application Security Framework
Huang et al. | Web application security—past, present, and future
Crowley | Pro Internet Explorer 8 & 9 Development: Developing Powerful Applications for the Next Generation of IE
Büchler et al. | Model inference and security testing in the SPaCIoS project
Zhao | Beast in the Cage: A Fine-grained and Object-oriented Permission System to Confine JavaScript Operations on the Web
Stolz et al. | To hash or not to hash: A security assessment of CSP's unsafe-hashes expression
Sayed | Protection against malicious JavaScript using hybrid flow-sensitive information flow monitoring
Weinberger | Analysis and enforcement of web application security policies
De Groef | Client- and Server-Side Security Technologies for JavaScript Web Applications
Vernotte | A pattern-driven and model-based vulnerability testing for web applications
Lian et al. | Prompt-in-Content Attacks: Exploiting Uploaded Inputs to Hijack LLM Behavior
Karim | Techniques and tools for secure Web browser extension development
Barua | Protecting Browser Extensions from JavaScript Injection Attacks with Runtime Protection and Static Analysis