Title :
Automated Analysis of Security-Critical JavaScript APIs
Author :
Taly, Ankur ; Erlingsson, Úlfar ; Mitchell, John C. ; Miller, Mark S. ; Nagra, Jasvir
Author_Institution :
Stanford Univ., Stanford, CA, USA
Abstract :
JavaScript is widely used to provide client-side functionality in Web applications. To provide services ranging from maps to advertisements, Web applications may incorporate untrusted JavaScript code from third parties. The trusted portion of each application may then expose an API to untrusted code, interposing a reference monitor that mediates access to security-critical resources. However, a JavaScript reference monitor can only be effective if it cannot be circumvented through programming tricks or programming language idiosyncrasies. In order to verify complete mediation of critical resources for applications of interest, we define the semantics of a restricted version of JavaScript devised by the ECMA Standards committee for isolation purposes, and develop and test an automated tool that can soundly establish that a given API cannot be circumvented or subverted. Our tool reveals a previously-undiscovered vulnerability in the widely-examined Yahoo! AD Safe filter and verifies confinement of the repaired filter and other examples from the Object-Capability literature.
Keywords :
Java; application program interfaces; information filtering; security of data; JavaScript code; Yahoo AD Safe filter; automated analysis; client side functionality; critical resources; object capability literature; programming language idiosyncrasies; programming tricks; security critical JavaScript API; security critical resources; untrusted code; Arrays; Encapsulation; Monitoring; Prototypes; Reactive power; Semantics; Syntactics; APIs; Javascript; Language-Based Security; Points-to Analysis;
Conference_Titel :
Security and Privacy (SP), 2011 IEEE Symposium on
Conference_Location :
Berkeley, CA
Print_ISBN :
978-1-4577-0147-4
Electronic_ISBN :
1081-6011
