Sciweavers

WWW
2009
ACM

Using static analysis for Ajax intrusion detection

We present a static control-flow analysis for JavaScript programs running in a web browser. Our analysis tackles numerous challenges posed by modern web applications including asynchronous communication, frameworks, and dynamic code generation. We use our analysis to extract a model of expected client behavior as seen from the server, and build an intrusion-prevention proxy for the server: the proxy intercepts client requests and disables those that do not meet the expected behavior. We insert random asynchronous requests to foil mimicry attacks. Finally, we evaluate our technique against several real applications and show that it protects against an attack in a widely-used web application.

Categories and Subject Descriptors: D.2.4 [Software/Program Verification]: Reliability
General Terms: Languages, Security
Keywords: JavaScript, Ajax, Control-Flow Analysis, Intrusion Detection
Arjun Guha, Shriram Krishnamurthi, Trevor Jim
Added 21 Nov 2009
Updated 21 Nov 2009
Type Conference
Year 2009
Where WWW
Authors Arjun Guha, Shriram Krishnamurthi, Trevor Jim