JavaScript Information Flow Analysis - Virginia...
TRANSCRIPT
![Page 1: JavaScript Information Flow Analysis - Virginia Tech, courses.cs.vt.edu/~cs6204/Privacy-Security/Projects/JavaScript-Wei.pdf](https://reader031.vdocuments.mx/reader031/viewer/2022022506/5abfd04c7f8b9a8e3f8ec664/html5/thumbnails/1.jpg)
Fall, 2011 - Privacy & Security - Virginia Tech - Computer Science
JavaScript Information Flow Analysis
Shiyi Wei, CS 6204 term project

Overview

Project motivation
Literature review
Paper organization
Selected papers
Observations
Framework overview
Analysis components
On-going work & conclusion

Project Motivation

Jif: Java information flow
Type-based approach
  • Language extension
  • Imprecise
Java programming language
  • Static typing
  • Class hierarchy

Project Motivation

Information flow analysis for JavaScript
Type-based approach works?
  • Dynamic typing
Challenges
  • Dynamic language features
    – Prototyping
    – Dynamic code generation
    – Variadic functions
    – Fields
  • Benchmark

Literature Review

Paper categories
Information flow analysis for C, C++, and Java
Analyzing dynamic languages
  • Performance
  • Correctness
Security analysis of JavaScript
  • Static analysis
  • Dynamic analysis

Literature Review

GATEKEEPER [1]
JavaScript widget
JavaScript SAFE
  • Static
JavaScript GK
  • Dynamic

References
[1] S. Guarnieri and B. Livshits. GATEKEEPER: mostly static enforcement of security and reliability policies for JavaScript code. In Proceedings of the 18th Conference on USENIX Security Symposium (2009), pp. 151-168.

Literature Review

Staged information flow for JavaScript [2]
Integrity policy
  • The code loaded at any eval site must not flow into the value of document.location
Confidentiality policy
  • The value of document.cookie must not flow into any variable within the code loaded at any eval site
Staged information flow
  • Stage 1: Compute policy
  • Stage 2: Check policy

References
[2] R. Chugh, J. A. Meister, R. Jhala, and S. Lerner. Staged information flow for JavaScript. In Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation.
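
The two stages on this slide, as an added JavaScript example (not code from the slides or from Chugh et al.): it assumes a toy representation of code as `target <- sources` flow edges and reduces the slide's two policies to sets of variables that eval-loaded code must not read or write. All variable names and flow edges are constructed.

```javascript
// Constructed page code, known statically, as flow edges "target <- sources".
const pageFlows = [
  { target: "session", sources: ["document.cookie"] },
  { target: "greeting", sources: ["userName", "session"] },
  { target: "nextUrl", sources: ["baseUrl", "path"] },
  { target: "document.location", sources: ["nextUrl"] },
];

// Fixpoint over the edges: everything `seed` flows into (forward) or
// everything that flows into `seed` (backward).
function closure(flows, seed, forward) {
  const seen = new Set([seed]);
  for (let changed = true; changed; ) {
    changed = false;
    for (const { target, sources } of flows) {
      const next = forward
        ? (sources.some((s) => seen.has(s)) ? [target] : [])
        : (seen.has(target) ? sources : []);
      for (const v of next) if (!seen.has(v)) { seen.add(v); changed = true; }
    }
  }
  return seen;
}

// Stage 1: reduce both policies to sets the eval-loaded code must not touch.
function computePolicy(flows) {
  return {
    mustNotRead: closure(flows, "document.cookie", true),    // confidentiality
    mustNotWrite: closure(flows, "document.location", false), // integrity
  };
}

// Stage 2: check code arriving at an eval site against those sets.
function checkPolicy(policy, evalFlows) {
  const violations = [];
  for (const { target, sources } of evalFlows) {
    for (const s of sources)
      if (policy.mustNotRead.has(s)) violations.push(`confidentiality: reads ${s}`);
    if (policy.mustNotWrite.has(target)) violations.push(`integrity: writes ${target}`);
  }
  return violations;
}

// Constructed eval-site inputs: one benign, one touching both protected sets.
const benign = [{ target: "banner", sources: ["userName"] }];
const suspect = [{ target: "copy", sources: ["greeting"] }, { target: "path", sources: ["adPath"] }];
console.log(checkPolicy(computePolicy(pageFlows), benign), checkPolicy(computePolicy(pageFlows), suspect));
```

Stage 1 runs once over the page code; stage 2 only scans the newly loaded code, which is what keeps the check at the eval site cheap.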

Literature Review

JavaScript taint analysis [3]
Prototypes
Object creations
Reflective property accesses
Lexical scoping

References
[3] S. Guarnieri, M. Pistoia, O. Tripp, J. Dolby, S. Teilhet, R. Berg. Saving the world wide web from vulnerable JavaScript. In Proceedings of the 2011 International Symposium on Software Testing and Analysis.

Literature Review

Observations
Handle limited language features
  • Prototype [2, 4]
  • Properties deletion
  • eval
Experimental design
  • JavaScript benchmark not representative [5]

References
[4] A. Guha, S. Krishnamurthi, and T. Jim. Using static analysis for Ajax intrusion detection. In International Conference on World Wide Web (WWW), 2009.
[5] G. Richards, S. Lebresne, B. Burg, J. Vitek. An analysis of the dynamic behavior of JavaScript programs. In Proceedings of the 2010 ACM SIGPLAN Conference on Programming Language Design and Implementation.

Framework Overview

Instrumented WebKit
Call graph + dynamically generated code
Website source
Static analysis infrastructure

Analysis Components

Instrumented WebKit
TracingSafari [5]
Instrumented code
  • Function calls
    – Method signature
    – Arguments
  • Object creation sites
  • Dynamically generated code
    – Eval
    – document.write
    – etc.

Analysis Components

Static Infrastructure
WALA
  • IBM T.J. Watson Libraries for Analysis
Extract JavaScript code
  • From website source
Import dynamic information
  • Dynamic call graph
  • Dynamically generated code

Analysis Components

Static infrastructure
Handle JavaScript language features
  • Variadic functions
    – Method definitions + arguments
    – Pruning with arguments.length
    – twitter.com, amazon.com, msn.com, …
  • Dynamic code generation

    // A variadic function that branches on how many arguments were passed
    function F(a, b)
    {
        if (arguments.length == 1)
        { /* … */ }
        else if (arguments.length == 2)
        { /* … */ }
        else if (arguments.length >= 3)
        { /* … */ }
    }

On-going Work & Conclusion

On-going work
Information flow algorithm
Benchmark
Handle other language features
  • Prototyping, etc.
Conclusion
Literature review
  • JavaScript information flow is hard
    – Dynamic language features
Blended approach
  • Works on unsolved issues