Detecting Malicious JavaScript Code in Mozilla

Short Description
properties. Sand-boxing is a crucial aspect in JavaScript security,. and this technique has been extensively researched by the. security community. …

Website: www.cs.ucsb.edu | Filesize: 277kb

Content
Detecting Malicious JavaScript Code in Mozilla
Oystein Hallaraker and Giovanni Vigna
Reliable Software Group
Department of Computer Science
University of California, Santa Barbara
hallarak@stud.ntnu.no, vigna@cs.ucsb.edu
Abstract
The JavaScript language is used to enhance the clientside
display of web pages. JavaScript code is downloaded
into browsers and executed on-the-fly by an embedded interpreter.
Browsers provide sand-boxing mechanisms to prevent
JavaScript code from compromising the security of the
client’s environment, but, unfortunately, a number of attacks
exist that can be used to steal users’ credentials (e.g., crosssite
scripting attacks) and lure users into providing sensitive
information to unauthorized parties (e.g., phishing attacks).
We propose an approach to solve this problem that
is based on monitoring JavaScript code execution and comparing
the execution to high-level policies, to detect malicious
code behavior. To achieve this goal it is necessary to
provide a mechanism to audit the execution of JavaScript
code. This is a difficult task, because of the close integration
of JavaScript with complex browser applications, such
as Mozilla. This paper presents the first existing implementation
of an auditing system for JavaScript interpreters and
discusses the pitfalls and lessons learned…