Interception, wrapping and analysis framework for Win32 scripts

JScript and VBScript were designed in an environment where scripts were confined inside Web browsers, and where those Web browsers rarely contained sensitive information or performed security-critical operations. Unfortunately, both languages are now widely used in very different environments where the fact that security was an afterthought in their design has become a grave problem for the enterprises and individuals that use them. We have designed and implemented a retrofitted security framework for the Windows ActiveScripting API, which integrates JScript and VBScript into the Windows operating system. By exploiting common characteristics of modern mobile component frameworks, our security system provides object- and method-level access control and logging.