Team for Research in
Ubiquitous Secure Technology

JavaScript Heap Analysis: From Exploiting Browsers to Building Safe JavaScript Subsets
Joel Weinberger

Citation
Joel Weinberger. "JavaScript Heap Analysis: From Exploiting Browsers to Building Safe JavaScript Subsets". Talk or presentation, 30, November, 2009.

Abstract
Many JavaScript security issues revolve around the delicacy of the same-origin policy. The basic concern is that information from one origin should not leak to another. We develop a technique that uses JavaScript heap analysis to analyze the behavior of different origins on the heap and identify a new class of vulnerabilities which we call “cross-origin JavaScript capability leaks”. We discover several instances of these vulnerabilities and propose a solution to mitigate them in web browsers. Additionally, we use these techniques to identify problems in safe JavaScript subsets. In particular, we discuss ADsafe and several problems identified with it and propose an alternative safe JavaScript subset with the same properties but more security guarantees.

Electronic downloads

Citation formats  
  • HTML
    Joel Weinberger. <a
    href="http://www.truststc.org/pubs/642.html"
    ><i>JavaScript Heap Analysis: From Exploiting
    Browsers to Building Safe JavaScript
    Subsets</i></a>, Talk or presentation,  30,
    November, 2009.
  • Plain text
    Joel Weinberger. "JavaScript Heap Analysis: From
    Exploiting Browsers to Building Safe JavaScript
    Subsets". Talk or presentation,  30, November, 2009.
  • BibTeX
    @presentation{Weinberger09_JavaScriptHeapAnalysisFromExploitingBrowsersToBuilding,
        author = {Joel Weinberger},
        title = {JavaScript Heap Analysis: From Exploiting Browsers
                  to Building Safe JavaScript Subsets},
        day = {30},
        month = {November},
        year = {2009},
        abstract = {Many JavaScript security issues revolve around the
                  delicacy of the same-origin policy. The basic
                  concern is that information from one origin should
                  not leak to another. We develop a technique that
                  uses JavaScript heap analysis to analyze the
                  behavior of different origins on the heap and
                  identify a new class of vulnerabilities which we
                  call âcross-origin JavaScript capability
                  leaksâ. We discover several instances of these
                  vulnerabilities and propose a solution to mitigate
                  them in web browsers. Additionally, we use these
                  techniques to identify problems in safe JavaScript
                  subsets. In particular, we discuss ADsafe and
                  several problems identified with it and propose an
                  alternative safe JavaScript subset with the same
                  properties but more security guarantees.},
        URL = {http://www.truststc.org/pubs/642.html}
    }
    

Posted by Larry Rohrbough on 5 Nov 2009.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.