Countering code-injection attacks with instruction-set randomization
Proceedings of the 10th ACM conference on Computer and communications security
Defeating script injection attacks with browser-enforced embedded policies
Proceedings of the 16th international conference on World Wide Web
Dynamic multi-process information flow tracking for web application security
Proceedings of the 2007 ACM/IFIP/USENIX international conference on Middleware companion
Randomized Instruction Sets and Runtime Environments Past Research and Future Directions
IEEE Security and Privacy
Isolating JavaScript in dynamic code environments
APLWACA '10 Proceedings of the 2010 Workshop on Analysis and Programming Languages for Web Applications and Cloud Applications
xJS: practical XSS prevention for web application development
WebApps'10 Proceedings of the 2010 USENIX conference on Web application development
Hi-index | 0.00 |
Instruction Set Randomization (ISR) is a promising technique for preventing code-injection attacks. In this paper we present a complete randomization framework for JavaScript aiming at detecting and preventing Cross-Site Scripting (XSS) attacks. RaJa randomizes JavaScript source without changing the code structure. Only JavaScript identifiers are carefully modified and the randomized code can be mixed with many other programming languages. Thus, RaJa can be practically deployed in existing web applications, which intermix server-side, client-side and markup languages.