An Architecture for Enforcing JavaScript Randomization in Web2.0 Applications

Cited by: 0
Authors
Athanasopoulos, Elias [1]
Krithinakis, Antonis [1]
Markatos, Evangelos P. [1]
Affiliation
[1] Fdn Res & Technol Hellas, Inst Comp Sci, Iraklion, Greece
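Source
INFORMATION SECURITY | 2011 / Volume 6531
Keywords
DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract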
Instruction Set Randomization (ISR) is a promising technique for preventing code-injection attacks. In this paper we present a complete randomization framework for JavaScript aiming at detecting and preventing Cross-Site Scripting (XSS) attacks. RaJa randomizes JavaScript source without changing the code structure. Only JavaScript identifiers are carefully modified and the randomized code can be mixed with many other programming languages. Thus, RaJa can be practically deployed in existing web applications, which intermix server-side, client-side and markup languages.
Pages: 203 - 209
Page count: 7
Related papers
50 in total
  • [1] Analysis of JavaScript Web Applications Using SAFE 2.0
    Park, Jihyeok
    Ryou, Yeonhee
    Park, Joonyoung
    Ryu, Sukyoung
    [J]. PROCEEDINGS OF THE 2017 IEEE/ACM 39TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING COMPANION (ICSE-C 2017), 2017, : 59 - 62
  • [2] Analysis of JavaScript web applications using SAFE 2.0
    KAIST, Korea, Republic of
    [J]. Proc. - IEEE/ACM Int. Conf. Softw. Eng. Companion, ICSE-C, 1600, (59-62):
  • [3] Guided Mutation Testing for JavaScript Web Applications
    Mirshokraie, Shabnam
    Mesbah, Ali
    Pattabiraman, Karthik
    [J]. IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2015, 41 (05) : 429 - 444
  • [4] A Framework for Automated Testing of JavaScript Web Applications
    Artzi, Shay
    Dolby, Julian
    Jensen, Simon Holm
    Moller, Anders
    Tip, Frank
    [J]. 2011 33RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE), 2011, : 571 - 580
  • [6] RDF Data Management for Web2.0 Applications
    Idris, Noorazida Mohd
    Abidin, Siti Z. Z.
    [J]. 2014 IEEE CONFERENCE ON OPEN SYSTEMS (ICOS), 2014, : 112 - 116
  • [7] WEB2.0 TECHNOLOGIES AND THEIR APPLICATIONS IN ONLINE TRAINING
    Palkova, Zuzana
    Bandlerova, Anna
    Schwarczova, Loreta
    Bielik, Peter
    [J]. INTED2014: 8TH INTERNATIONAL TECHNOLOGY, EDUCATION AND DEVELOPMENT CONFERENCE, 2014, : 4960 - 4966
  • [8] Performance Scalability Analysis of JavaScript Applications with Web Workers
    Verdu, Javier
    Pajuelo, Alex
    [J]. IEEE COMPUTER ARCHITECTURE LETTERS, 2016, 15 (02) : 105 - 108
  • [9] Practical AJAX Race Detection for JavaScript Web Applications
    Adamsen, Christoffer Quist
    Moller, Anders
    Alimadadi, Saba
    Tip, Frank
    [J]. ESEC/FSE'18: PROCEEDINGS OF THE 2018 26TH ACM JOINT MEETING ON EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING, 2018, : 38 - 48
  • [10] Model-Based Development of JavaScript Web Applications
    Wagner, Gerd
    [J]. CURRENT TRENDS IN WEB ENGINEERING, ICWE 2017, 2018, 10544 : 267 - 268