TY - GEN
T1 - Towards revealing JavaScript program intents using abstract interpretation
AU - Blanc, Gregory
AU - Kadobayashi, Youki
PY - 2010/12/1
Y1 - 2010/12/1
N2 - Every day, millions of Internet users access AJAX-powered web applications. However, such richness is prone to security issues. In particular, Web 2.0 attacks are difficult to detect and block since they are similar to legitimate traffic. As a ground for our research, we review past related works and explain what might be missing to tackle Web 2.0 security issues. Especially, we show that tackling AJAX-based attacks often lacks a context that can only be conveyed during real-time analysis. In our research, we advocate the usage of abstract interpretation of JavaScript code to provide maximum coverage and to ensure completeness. Besides, we introduce a proxy-based proposal to provide analysis of JavaScript malware.
AB - Every day, millions of Internet users access AJAX-powered web applications. However, such richness is prone to security issues. In particular, Web 2.0 attacks are difficult to detect and block since they are similar to legitimate traffic. As a ground for our research, we review past related works and explain what might be missing to tackle Web 2.0 security issues. Especially, we show that tackling AJAX-based attacks often lacks a context that can only be conveyed during real-time analysis. In our research, we advocate the usage of abstract interpretation of JavaScript code to provide maximum coverage and to ensure completeness. Besides, we introduce a proxy-based proposal to provide analysis of JavaScript malware.
KW - JavaScript malware
KW - Web 2.0
KW - abstract interpretation
KW - client-side
U2 - 10.1145/1930286.1930298
DO - 10.1145/1930286.1930298
M3 - Conference contribution
AN - SCOPUS:84858302628
SN - 9781450304016
T3 - Asian Internet Engineering Conference, AINTEC 2010
SP - 87
EP - 94
BT - Asian Internet Engineering Conference, AINTEC 2010
T2 - 6th Asian Internet Engineering Conference, AINTEC 2010
Y2 - 15 November 2010 through 17 November 2010
ER -