Abstract
JavaScript has been exploited to launch various browser-based attacks. Our previous work proposed a theoretical framework applying policy-based code instrumentation to JavaScript. This paper further reports our experience carrying out the theory in practice. Specifically, we discuss how the instrumentation is performed on various JavaScript and HTML syntactic constructs, present a new policy construction method for facilitating the creation and compilation of security policies, and document various practical difficulties arose during our prototyping. Our prototype currently works with several different web browsers, including Safari Mobile running on iPhones. We report our results based on experiments using representative real-world web applications © 2008 Springer Berlin Heidelberg.
Cite
CITATION STYLE
Kikuchi, H., Yu, D., Chander, A., Inamura, H., & Serikov, I. (2008). JavaScript instrumentation in practice. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5356 LNCS, pp. 326–341). Springer Verlag. https://doi.org/10.1007/978-3-540-89330-1_23
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
