Systematic design of program transformation frameworks by abstract interpretation
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Dex: A Semantic-Graph Differencing Tool for Studying Changes in Large Code Bases
ICSM '04 Proceedings of the 20th IEEE International Conference on Software Maintenance
A semantics-based approach to malware detection
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The ghost in the browser: analysis of web-based malware
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
SpyProxy: execution-based detection of malicious web content
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Secure Web Browsing with the OP Web Browser
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Lightweight self-protecting JavaScript
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Language-Based Isolation of Untrusted JavaScript
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Detection and analysis of drive-by-download attacks and malicious JavaScript code
Proceedings of the 19th international conference on World wide web
Towards a Formal Foundation of Web Security
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
A Symbolic Execution Framework for JavaScript
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Supervised categorization of JavaScript™ using program analysis features
AIRS'05 Proceedings of the Second Asia conference on Asia Information Retrieval Technology
CsFire: transparent client-side mitigation of malicious cross-domain requests
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Idea: opcode-sequence-based malware detection
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Every day, millions of Internet users access AJAX-powered web applications. However, the richness of these applications is prone to security issues. In particular, Web 2.0 attacks are difficult to detect and block since they are similar to legitimate traffic. As a basis for our research, we review past related work and explain what might be missing to tackle Web 2.0 security issues. In particular, we show that tackling AJAX-based attacks often lacks a context that can only be conveyed during real-time analysis. In our research, we advocate the use of abstract interpretation of JavaScript code to provide maximum coverage and to ensure completeness. In addition, we introduce a proxy-based proposal to provide analysis of JavaScript malware.