Properties of data flow frameworks: a unified model
Acta Informatica
A lattice model of secure information flow
Communications of the ACM
Parameterized object sensitivity for points-to analysis for Java
ACM Transactions on Software Engineering and Methodology (TOSEM)
JavaScript instrumentation for browser security
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Blended analysis for performance understanding of framework-based applications
Proceedings of the 2007 international symposium on Software testing and analysis
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
Using static analysis for Ajax intrusion detection
Proceedings of the 18th international conference on World wide web
Staged information flow for javascript
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
An analysis of the dynamic behavior of JavaScript programs
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
Isolating JavaScript with filters, rewriting, and wrappers
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
A Symbolic Execution Framework for JavaScript
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
GATEKEEPER: mostly static enforcement of security and reliability policies for javascript code
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Cross-origin javascript capability leaks: detection, exploitation, and defense
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
JSMeter: comparing the behavior of JavaScript benchmarks with real web applications
WebApps'10 Proceedings of the 2010 USENIX conference on Web application development
Saving the world wide web from vulnerable JavaScript
Proceedings of the 2011 International Symposium on Software Testing and Analysis
The eval that men do: A large-scale study of the use of eval in javascript applications
Proceedings of the 25th European conference on Object-oriented programming
Automated construction of JavaScript benchmarks
Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
Remedying the eval that men do
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Correlation tracking for points-to analysis of javascript
ECOOP'12 Proceedings of the 26th European conference on Object-Oriented Programming
Eval begone!: semi-automated removal of eval from javascript programs
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
Efficient construction of approximate call graphs for JavaScript IDE services
Proceedings of the 2013 International Conference on Software Engineering
Hi-index | 0.00 |
JavaScript is widely used in Web applications because of its flexibility and dynamic features. However, the latter pose challenges to static analyses aimed at finding security vulnerabilities, (e.g., taint analysis). We present blended taint analysis, an instantiation of our general-purpose analysis framework for JavaScript, to illustrate how a combined dynamic/static analysis approach can deal with dynamic features by collecting generated code and other information at runtime. In empirical comparisons with two pure static taint analyses, we show blended taint analysis to be both more scalable and precise on JavaScript benchmark codes extracted from 12 popular websites at alexa. Our results show that blended taint analysis discovered 13 unique violations in 6 of the websites. In contrast, each of the static analyses identified less than half of these violations. Moreover, given a reasonable time budget of 10 minutes, both static analyses encountered webpages they could not analyze, sometimes significantly many such pages. Case studies demonstrate the quality of the blended taint analysis solution in comparison to that of pure static analysis.