Efficient Dynamic Access Analysis Using JavaScript Proxies [article]

Matthias Keil, Peter Thiemann
2013 arXiv   pre-print
To overcome the limitations of the JSConTest implementation, we redesigned and reimplemented effect monitoring by taking advantage of JavaScript proxies.  ...  JSConTest introduced the notions of effect monitoring and dynamic effect inference for JavaScript. It enables the description of effects with path specifications resembling regular expressions.  ...  Conclusion We successfully applied JavaScript proxies to the implementation of effect logging and dynamic enforcement of access permission contracts, which specify the allowed side effects using access  ... 
arXiv:1312.3184v1 fatcat:omd6k47rcrb2fka2ertjku72ma

Efficient dynamic access analysis using JavaScript proxies

Matthias Keil, Peter Thiemann
2013 Proceedings of the 9th symposium on Dynamic languages - DLS '13  
To overcome the limitations of the JSConTest implementation, we redesigned and reimplemented effect monitoring by taking advantage of JavaScript proxies.  ...  JSConTest introduced the notions of effect monitoring and dynamic effect inference for JavaScript. It enables the description of effects with path specifications resembling regular expressions.  ...  Conclusion We successfully applied JavaScript proxies to the implementation of effect logging and dynamic enforcement of access permission contracts, which specify the allowed side effects using access  ... 
doi:10.1145/2508168.2508176 dblp:conf/dls/KeilT13 fatcat:2hlesqpcvrfsjnhf67b5rtjqri

XSS-Dec: A Hybrid Solution to Mitigate Cross-Site Scripting Attacks [chapter]

Smitha Sundareswaran, Anna Cinzia Squicciarini
2012 Lecture Notes in Computer Science  
Our Proxy-based solution leverages the strengths of both anomaly detection and control flow analysis to provide accurate detection.  ...  We demonstrate the feasibility and accuracy of our approach through extended testing using real-world cross-site scripting exploits.  ...  The Proxy generates an abstract and accurate representation of the site, using control flow analysis, and stores it for later use.  ... 
doi:10.1007/978-3-642-31540-4_17 fatcat:yv5yhvtpfrcnzdbysiuqr3z7we

JaTE

Tung Tran, Riccardo Pelizzi, R. Sekar
2015 Proceedings of the 31st Annual Computer Security Applications Conference on - ACSAC 2015  
JaTE exploits the dynamic and reflection features of JavaScript, together with a simple lexical analysis and transformation of third-party code, to ensure that all object accesses are mediated at runtime  ...  Using these rules, JaTE is able to mediate all cross-compartment accesses, even those from dynamic code.  ...  As a result, all indirect eval requests will be proxified and the dynamic code is treated as new code from the same principal and set up to run in the same compartment.  ... 
doi:10.1145/2818000.2818019 dblp:conf/acsac/TranPS15 fatcat:3fyvz6svvjextc72au4fvan43q

Cujo

Konrad Rieck, Tammo Krueger, Andreas Dewald
2010 Proceedings of the 26th Annual Computer Security Applications Conference on - ACSAC '10  
Static and dynamic code features are extracted on-the-fly and analysed for malicious patterns using efficient techniques of machine learning.  ...  Embedded in a web proxy, Cujo transparently inspects web pages and blocks delivery of malicious JavaScript code.  ...  Acknowledgements The authors would like to thank Marco Cova for providing the attack data sets as well as Martin Johns and Thorsten Holz for fruitful discussions on malicious JavaScript code and its detection  ... 
doi:10.1145/1920261.1920267 dblp:conf/acsac/RieckKD10 fatcat:jmsdnfaufve6dj6llgh4f4lngq

SENTINEL: Securing Legacy Firefox Extensions

Kaan Onarlioglu, Ahmet Salih Buyukkayhan, William Robertson, Engin Kirda
2015 Computers & security  
This paper introduces Sentinel, a policy enforcer for the Firefox browser that gives fine-grained control to the user over the actions of existing JavaScript Firefox extensions.  ...  The user is able to define policies (or use predefined ones) and block common attacks such as data exfiltration, remote code execution, saved password theft, preference modification, phishing, browser  ...  [28] use a combination of static and dynamic analysis to characterize spyware-like behavior of Internet Explorer plugins. Likewise, Li et al.  ... 
doi:10.1016/j.cose.2014.12.002 fatcat:mtavyklt7rgh7aig5cy34befzy

JavaScript Instrumentation in Practice [chapter]

Haruka Kikuchi, Dachuan Yu, Ajay Chander, Hiroshi Inamura, Igor Serikov
2008 Lecture Notes in Computer Science  
JavaScript provides useful client-side computation facilities, enabling richer and more dynamic web applications.  ...  Although discussing a particular prototype, we believe the techniques therein will also be useful to other studies on JavaScript security.  ...  Such JavaScript code is inserted into the HTML document by the proxy based on some policy input. The rewriting process is carried out on the proxy using a parser, two rewriters, and a code generator.  ... 
doi:10.1007/978-3-540-89330-1_23 fatcat:6u7x6ihgnnbb5ll4g3lqhlpeha

Securing Legacy Firefox Extensions with SENTINEL [chapter]

Kaan Onarlioglu, Mustafa Battal, William Robertson, Engin Kirda
2013 Lecture Notes in Computer Science  
This paper introduces Sentinel, a policy enforcer for the Firefox browser that gives fine-grained control to the user over the actions of existing JavaScript Firefox extensions.  ...  The user is able to define policies (or use predefined ones) and block common attacks such as data exfiltration, remote code execution, saved password theft, and preference modification.  ...  [13] use a combination of static and dynamic analysis to characterize spyware-like behavior of Internet Explorer plugins. Likewise, Li et al.  ... 
doi:10.1007/978-3-642-39235-1_7 fatcat:jdz6xhlwzzbezfq6z67ftocju4

Efficient and effective realtime prediction of drive-by download attacks

Gaya K. Jayasinghe, J. Shane Culpepper, Peter Bertok
2014 Journal of Network and Computer Applications  
This paper presents a novel approach to detect drive-by downloads in web browser environments using low resource dynamic analysis.  ...  The proposed method is effective, space efficient, and performs the analysis with low performance overhead, making the approach amenable to in-browser drive-by download detection on resource constrained  ...  The proxy-based approach can also be augmented using semi-dynamic solutions that detect malware using static analysis of deobfuscated code [5]. Neither of these solutions is entirely satisfying.  ... 
doi:10.1016/j.jnca.2013.03.009 fatcat:374cg7porzh3vljydik34gwuxu

Transaction-based Sandboxing for JavaScript [article]

Matthias Keil, Peter Thiemann
2017 arXiv   pre-print
The implementation relies on JavaScript proxies to guarantee full interposition for the full language and for all code, including dynamically loaded scripts and code injected via eval.  ...  Today's JavaScript applications are composed of scripts from different origins that are loaded at run time.  ...  In particular, Tom Van Cutsem provided helpful advice on the internals of JavaScript proxies.  ... 
arXiv:1612.00669v2 fatcat:xhovkezmzbdo3py3ucx5hx3k4q

Accessmonkey

Jeffrey P. Bigham, Richard E. Ladner
2007 Proceedings of the 2007 international cross-disciplinary conference on Web accessibility (W4A) - W4A '07  
Efficient access to web content remains elusive for individuals accessing the web using assistive technology.  ...  This framework advances the idea that Javascript and dynamic web content can be used to improve inaccessible content instead of being a cause of it.  ...  We describe how Javascript and dynamic content can be used for accessibility improvement. 2.  ... 
doi:10.1145/1243441.1243452 dblp:conf/w4a/BighamL07 fatcat:ax5h6xtfsjaj3cuv53ff2z767u

A Traffic Tracking Analysis Model for the Effective Management of E-commerce Transactions

Sylvanus A. Ehikioya, Shenghong Lu
2020 International Journal of Networked and Distributed Computing (IJNDC)  
., improved single-pixel image, JavaScript tracking and HTTP (Hypertext Transfer Protocol) proxy server), which work together to track a user's activities.  ...  In modeling the tracking and analysis approach, we used a formal technique to guide quality assurance imperatives.  ...  [81] develop a novel data structure, called a Web access pattern tree, to mine access patterns from Web logs efficiently. Zaiane et al.  ... 
doi:10.2991/ijndc.k.200515.006 doaj:dcc0822e04114c1787b127adc0cd5281 fatcat:2v5vymv3pfazhb6c7muqy3237e

WebinSitu

Jeffrey P. Bigham, Anna C. Cavender, Jeremy T. Brudvik, Jacob O. Wobbrock, Richard E. Lander
2007 Proceedings of the 9th international ACM SIGACCESS conference on Computers and accessibility - Assets '07  
This remote study used an advanced web proxy that leverages AJAX technology to record both the pages viewed and the actions taken by users on the web pages that they visited.  ...  We conducted a study in situ to investigate the accessibility of the web as experienced by web users.  ...  We thank Sangyun Hahn and Lindsay Yazzolino for testing our system, Steve Gribble and Scott Rose for helping to ensure that our study ran smoothly, Darren Gergle for his help with statistical analysis  ... 
doi:10.1145/1296843.1296854 dblp:conf/assets/BighamCBWL07 fatcat:nmdnedbunrcjhb4ylrexgfixsy

Are web applications ready for parallelism?

Cosmin Radoi, Stephan Herhut, Jaswanth Sreeram, Danny Dig
2015 SIGPLAN notices  
However, JavaScript is by design sequential, and current web applications make little use of hardware parallelism. Are web applications ready to exploit parallel hardware?  ...  We identify performance bottlenecks and examine memory access patterns to determine possible data parallelism.  ...  Another study on JavaScript [29], looking at its dynamic behavior, comes to the conclusion that web-sites indeed make significant use of dynamic features: Many websites use eval to generate code on the  ... 
doi:10.1145/2858788.2700995 fatcat:nz2x2pa53zhcllpb2me64jkpmy

Are web applications ready for parallelism?

Cosmin Radoi, Stephan Herhut, Jaswanth Sreeram, Danny Dig
2015 Proceedings of the 20th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming - PPoPP 2015  
However, JavaScript is by design sequential, and current web applications make little use of hardware parallelism. Are web applications ready to exploit parallel hardware?  ...  We identify performance bottlenecks and examine memory access patterns to determine possible data parallelism.  ...  Another study on JavaScript [29], looking at its dynamic behavior, comes to the conclusion that web-sites indeed make significant use of dynamic features: Many websites use eval to generate code on the  ... 
doi:10.1145/2688500.2700995 dblp:conf/ppopp/RadoiHSD15 fatcat:5cgskv2iubdkln6cxjcut5haqq
Showing results 1-15 out of 3,465 results