JavaScript Instrumentation in Practice

13 years 8 months ago
JavaScript Instrumentation in Practice
JavaScript has been exploited to launch various browser-based attacks. Our previous work proposed a theoretical framework applying policy-based code instrumentation to JavaScript. This paper further reports our experience carrying out the theory in practice. Specifically, we discuss how the instrumentation is performed on various JavaScript and HTML syntactic constructs, present a new policy construction method for facilitating the creation and compilation of security policies, and document various practical difficulties arose during our prototyping. Our prototype currently works with several different web browsers, including Safari Mobile running on iPhones. We report our results based on experiments using representative real-world web applications.
Haruka Kikuchi, Dachuan Yu, Ajay Chander, Hiroshi
Added 12 Oct 2010
Updated 12 Oct 2010
Type Conference
Year 2008
Authors Haruka Kikuchi, Dachuan Yu, Ajay Chander, Hiroshi Inamura, Igor Serikov
Comments (0)