JAVASCRIPT INSTRUMENTATION FOR BROWSER SECURITY

Posted by Anonymous 0 komentar
Download Javascript Tutorial. It is well recognized that JavaScript can be exploited to launch browser-based security attacks. We propose to battle such attacks using program instrumentation. Untrusted JavaScript code goes through a rewriting process which identifies relevant operations, modifies questionable behaviors, and prompts the user (a web page viewer) for decisions on how to proceed when appropriate. Our solution is parametric with respect to the security policy—the policy is implemented separately from the rewriting, and the same rewriting process is carried out regardless of which policy is in use. Besides providing a rigorous account of the correctness of our solution, we also discuss practical issues including policy management and prototype experiments. A useful by-product of our work is an operational semantics of a core subset of JavaScript, where code embedded in (HTML) documents may generate further document pieces (with new code embedded) at runtime, yielding a form of self-modifying code.

JavaScript [4] is a scripting language designed for enhancing web pages. JavaScript programs are deployed in HTML documents and are interpreted by all major web browsers. They provide useful client-side computation facilities and access to the client system, making web pages more engaging, interactive, and responsive.

Download Javascript Tutorial

0 komentar:

Post a Comment