Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
POPL
2007
ACM
2007
ACM
JavaScript instrumentation for browser security
It is well recognized that JavaScript can be exploited to launch browser-based security attacks. We propose to battle such attacks using program instrumentation. Untrusted JavaScript code goes through a rewriting process which identifies relevant operations, modifies questionable behaviors, and prompts the user (a web page viewer) for decisions on how to proceed when appropriate. Our solution is parametric with respect to the security policy--the policy is implemented separately from the rewriting, and the same rewriting process is carried out regardless of which policy is in use. Besides providing a rigorous account of the correctness of our solution, we also discuss practical issues including policy management and prototype experiments. A useful by-product of our work is an operational semantics of a core subset of JavaScript, where code embedded in (HTML) documents may generate further document pieces (with new code embedded) at runtime, yielding a form of self-modifying code. Cate...
Real-time TrafficGeneral Terms Languages | Modifies Questionable Behaviors | POPL 2007 | Programming Languages | Web Page Viewer |
Related Content
| Added | 03 Dec 2009 |
| Updated | 03 Dec 2009 |
| Type | Conference |
| Year | 2007 |
| Where | POPL |
| Authors | Dachuan Yu, Ajay Chander, Nayeem Islam, Igor Serikov |
Comments (0)
Researcher Info
|
