论文信息 - Self-Protecting JavaScript Based on Hierarchical Control

Self-Protecting JavaScript Based on Hierarchical Control

Self-protecting JavaScript can prevent malicious code execution by wrapping security relevant API calls and embedding security policy into the code. This mechanism is easy to use but hold high run-time overhead. This paper introduces hierarchical policy for self-protecting JavaScript. We make the division in accordance with the frequency and control mode of policy and mainly reduce the number of times policies were called. The new approach is able to ensure safety and decrease run-time overhead significantly.

Bing Han | You-Qun Shi

[1] Christian Hammer. Flexible access control for javascript , 2014, Software Engineering.

[2] V. N. Venkatakrishnan,et al. AdJail: Practical Enforcement of Confidentiality and Integrity Policies on Web Advertisements , 2010, USENIX Security Symposium.

[3] Benjamin Livshits,et al. AjaxScope: a platform for remotely monitoring the client-side behavior of web 2.0 applications , 2007, TWEB.

[4] David Sands,et al. Lightweight self-protecting JavaScript , 2009, ASIACCS '09.

[5] Marco Pistoia,et al. Saving the world wide web from vulnerable JavaScript , 2011, ISSTA '11.

[6] Phu H. Phung,et al. A two-tier sandbox architecture for untrusted JavaScript , 2012 .

[7] Frank Piessens,et al. JSand: complete client-side sandboxing of third-party JavaScript without browser modifications , 2012, ACSAC '12.

[8] Haining Wang,et al. A measurement study of insecure javascript practices on the web , 2013, TWEB.

[9] Yan Chen,et al. Virtual browser: a web-level sandbox to secure third-party JavaScript without sacrificing functionality , 2010, CCS '10.

[10] Wouter Joosen,et al. WebJail: least-privilege integration of third-party components in web mashups , 2011, ACSAC '11.