Team for Research in
Ubiquitous Secure Technology

Automated Analysis of Security-Critical JavaScript APIs
Ankur Taly, Ulfar Erlingsson, John C. Mitchell, Mark S. Miller, Jasvir Nagra

Citation
Ankur Taly, Ulfar Erlingsson, John C. Mitchell, Mark S. Miller, Jasvir Nagra. "Automated Analysis of Security-Critical JavaScript APIs". IEEE Symposium on Security and Privacy (SP), pp.363-378, 22, May, 2011.

Abstract
Browse Conference Publications > Security and Privacy (SP), 20 ... Page Help Automated Analysis of Security-Critical JavaScript APIs Full text access may be available To access full text, please use your member or institutional sign in. Learn more about subscription options Already purchased? View now Forgot Username/Password? Forgot Institutional Username or Password? Athens/Shibboleth This paper appears in: Security and Privacy (SP), 2011 IEEE Symposium on Date of Conference: 22-25 May 2011 Author(s): Taly, A. Stanford Univ., Stanford, CA, USA Erlingsson ; Mitchell, J.C. ; Miller, M.S. ; Nagra, J. On Page(s): 363 - 378 Product Type: Conference Publications Available Formats Non-Member Price Member Price PDF US$31.00 US$10.00 Learn how you can qualify for the best price for the item! Download Citations Email Print Rights And Permissions Abstract JavaScript is widely used to provide client-side functionality in Web applications. To provide services ranging from maps to advertisements, Web applications may incorporate untrusted JavaScript code from third parties. The trusted portion of each application may then expose an API to untrusted code, interposing a reference monitor that mediates access to security-critical resources. However, a JavaScript reference monitor can only be effective if it cannot be circumvented through programming tricks or programming language idiosyncrasies. In order to verify complete mediation of critical resources for applications of interest, we define the semantics of a restricted version of JavaScript devised by the ECMA Standards committee for isolation purposes, and develop and test an automated tool that can soundly establish that a given API cannot be circumvented or subverted. Our tool reveals a previously-undiscovered vulnerability in the widely-examined Yahoo! AD Safe filter and verifies confinement of the repaired filter and other examples from the Object-Capability literature.

Electronic downloads

Citation formats  
  • HTML
    Ankur Taly, Ulfar Erlingsson, John C. Mitchell, Mark S.
    Miller, Jasvir Nagra. <a
    href="http://www.truststc.org/pubs/894.html"
    >Automated Analysis of Security-Critical JavaScript
    APIs</a>, IEEE Symposium on Security and Privacy (SP),
    pp.363-378, 22, May, 2011.
  • Plain text
    Ankur Taly, Ulfar Erlingsson, John C. Mitchell, Mark S.
    Miller, Jasvir Nagra. "Automated Analysis of
    Security-Critical JavaScript APIs". IEEE Symposium on
    Security and Privacy (SP), pp.363-378, 22, May, 2011.
  • BibTeX
    @inproceedings{TalyErlingssonMitchellMillerNagra11_AutomatedAnalysisOfSecurityCriticalJavaScriptAPIs,
        author = {Ankur Taly and Ulfar Erlingsson and John C.
                  Mitchell and Mark S. Miller and Jasvir Nagra},
        title = {Automated Analysis of Security-Critical JavaScript
                  APIs},
        booktitle = {IEEE Symposium on Security and Privacy (SP)},
        pages = {pp.363-378},
        day = {22},
        month = {May},
        year = {2011},
        abstract = {Browse Conference Publications > Security and
                  Privacy (SP), 20 ... Page Help Automated Analysis
                  of Security-Critical JavaScript APIs Full text
                  access may be available To access full text,
                  please use your member or institutional sign in.
                  Learn more about subscription options Already
                  purchased? View now Forgot Username/Password?
                  Forgot Institutional Username or Password?
                  Athens/Shibboleth This paper appears in: Security
                  and Privacy (SP), 2011 IEEE Symposium on Date of
                  Conference: 22-25 May 2011 Author(s): Taly, A.
                  Stanford Univ., Stanford, CA, USA Erlingsson ;
                  Mitchell, J.C. ; Miller, M.S. ; Nagra, J. On
                  Page(s): 363 - 378 Product Type: Conference
                  Publications Available Formats 	Non-Member Price
                  	Member Price PDF 	US$31.00 	US$10.00 Learn how
                  you can qualify for the best price for the item! 	
                  Download Citations Email Print Rights And
                  Permissions Abstract JavaScript is widely used to
                  provide client-side functionality in Web
                  applications. To provide services ranging from
                  maps to advertisements, Web applications may
                  incorporate untrusted JavaScript code from third
                  parties. The trusted portion of each application
                  may then expose an API to untrusted code,
                  interposing a reference monitor that mediates
                  access to security-critical resources. However, a
                  JavaScript reference monitor can only be effective
                  if it cannot be circumvented through programming
                  tricks or programming language idiosyncrasies. In
                  order to verify complete mediation of critical
                  resources for applications of interest, we define
                  the semantics of a restricted version of
                  JavaScript devised by the ECMA Standards committee
                  for isolation purposes, and develop and test an
                  automated tool that can soundly establish that a
                  given API cannot be circumvented or subverted. Our
                  tool reveals a previously-undiscovered
                  vulnerability in the widely-examined Yahoo! AD
                  Safe filter and verifies confinement of the
                  repaired filter and other examples from the
                  Object-Capability literature. },
        URL = {http://www.truststc.org/pubs/894.html}
    }
    

Posted by Mary Stewart on 4 Apr 2012.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.