Title :
An execution-flow based method for detecting Cross-site Scripting attacks
Author :
Zhang, Qianjie ; Chen, Hao ; Sun, Jianhua
Author_Institution :
Adv. Internet & Media Lab., Hunan Univ., Changsha, China
Abstract :
We present an execution-flow analysis for JavaScript programs running in a web browser to prevent Cross-site Scripting (XSS) attacks. We construct finite-state automata (FSA) to model the client-side behavior of Ajax applications under normal execution. Our system is deployed in proxy mode: the proxy analyzes the execution flow of client-side JavaScript before the requested web pages reach the browser and blocks potentially malicious scripts that do not conform to the FSA. We evaluate our technique against several real-world applications, and the results show that it protects against a variety of XSS attacks with an acceptable performance overhead.
Keywords :
Application software; Computer languages; Electronic mail; Internet; Java; Learning automata; Monitoring; Protection; Sun; Web pages; Ajax; FSA; JavaScript; XSS;
Conference_Title :
Software Engineering and Data Mining (SEDM), 2010 2nd International Conference on
Conference_Location :
Chengdu, China
Print_ISBN :
978-1-4244-7324-3
Electronic_ISBN :
978-89-88678-22-0