Computer Science, 2017, Vol. 44, Issue 11: 22-26. doi: 10.11896/j.issn.1002-137X.2017.11.004


JavaScript Counterfactual Execution Method Based on Dynamic Instrumentation

GONG Wei-gang, YOU Wei, LI Zan, SHI Wen-chang and LIANG Bin   

Online: 2018-12-01   Published: 2018-12-01

Abstract: Static analysis has been widely employed in the security analysis of JavaScript programs. However, a JavaScript program can use functions such as eval to generate code at runtime, and such dynamically generated code is hard to obtain by static analysis alone. One feasible approach is to collect the code by running the target program and then analyze the collected code statically. This approach, however, explores only a finite number of execution paths and misses the code generated dynamically on the other paths. This paper presents a counterfactual execution method based on dynamic instrumentation. In this method, counterfactual execution structures are instrumented on the fly during the parse phase of the JavaScript engine, so that both the branch that would ordinarily be executed and the branch that would not normally run are explored. In this way, the dynamically generated code is instrumented even when functions like eval are called in a nested manner. In addition, to undo the effect of any assignment made inside a counterfactual execution structure, an on-demand undo mechanism is implemented that avoids redundant operations. The evaluation results show that the implemented method effectively expands the coverage of execution paths in dynamic analysis.

Key words: Counterfactual execution, Path coverage, Dynamic analysis, JavaScript
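The following is an added illustration, not code from the paper or its implementation: the paper instruments the engine's parser, whereas here a constructed sample program is rewritten by hand to call two hypothetical helpers, cfIf() and cfEval(), that model a counterfactual branch with on-demand undo of assignments and collection of eval'd code, including code generated by a nested eval.

```javascript
// Added example, not the paper's code: the paper instruments the engine parser;
// here the sample program calls hypothetical helpers cfIf()/cfEval() by hand.
const collected = [];   // every code string that reached eval, with its path kind
let depth = 0;          // > 0 while running a branch that would not normally run
// On-demand undo: the Proxy saves a property's old value only the first time the
// branch writes it, so restoring afterwards touches just the modified properties.
function withUndo(state, body) {
  const saved = new Map();
  const proxy = new Proxy(state, {
    set(target, key, value) {
      if (!saved.has(key)) saved.set(key, { had: key in target, old: target[key] });
      target[key] = value;
      return true;
    },
  });
  try {
    return body(proxy);
  } finally {
    for (const [key, { had, old }] of saved) {
      if (had) state[key] = old; else delete state[key];
    }
  }
}
// Counterfactual if: run the branch that would NOT be taken first, inside an undo
// scope, then run the real branch against the restored state.
function cfIf(state, cond, thenBranch, elseBranch) {
  const taken = cond ? thenBranch : elseBranch;
  const other = cond ? elseBranch : thenBranch;
  depth++;
  try { withUndo(state, other); } catch (e) { /* counterfactual path may fail */ }
  finally { depth--; }
  return taken(state);
}
// Instrumented eval: record the generated code, then run it with the helpers in
// scope so that eval calls nested inside generated code are instrumented too.
function cfEval(state, code) {
  collected.push({ code, counterfactual: depth > 0 });
  return new Function('state', 'cfIf', 'cfEval', code)(state, cfIf, cfEval);
}
// Constructed sample program: for any input only one branch would normally run,
// and the else branch generates code that itself calls eval.
function runSample(input) {
  collected.length = 0;
  const state = { x: 1 };
  cfIf(state, input > 10,
    s => { s.x = 2; cfEval(s, 'state.y = state.x * 10;'); },
    s => { s.x = 3; cfEval(s, "cfEval(state, 'state.z = 7;');"); });
  return { state, codes: collected.map(c => c.code), flags: collected.map(c => c.counterfactual) };
}
```

For input 5 the real run takes the else branch, yet the code string from the then branch is still collected (flagged as counterfactual), and the final state shows no trace of the counterfactual assignments.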

