Sciweavers

CCS
2009
ACM

Lightweight self-protecting JavaScript

15 years 13 days ago
Lightweight self-protecting JavaScript
This paper introduces a method to control JavaScript execution. The aim is to prevent or modify inappropriate behaviour caused by e.g. malicious injected scripts or poorly designed third-party code. The approach is based on modifying the code so as to make it self-protecting: the protection mechanism (security policy) is embedded into the code itself and intercepts security relevant API calls. The challenges come from the nature of the JavaScript language: any variables in the scope of the program can be redefined, and code can be created and run on-the-fly. This creates potential problems, respectively, for tamper-proofing the protection mechanism, and for ensuring that no security relevant events bypass the protection. Unlike previous approaches to instrument and monitor JavaScript to enforce or adjust behaviour, the solution we propose is lightweight in that (i) it does not require a modified browser, and (ii) it does not require any run-time parsing and transformation of code (inc...
Phu H. Phung, David Sands, Andrey Chudnov
Added 23 Nov 2009
Updated 23 Nov 2009
Type Conference
Year 2009
Where CCS
Authors Phu H. Phung, David Sands, Andrey Chudnov
Comments (0)