creators_name: Guha, Arjun
creators_name: Krishnamurthi, Shriram
creators_name: Jim, Trevor
type: conference_item
datestamp: 2009-04-06 19:10:07
lastmod: 2009-04-07 14:02:27
metadata_visibility: show
title: Using Static Analysis for Ajax Intrusion Detection
ispublished: pub
full_text_status: public
pres_type: paper
abstract: We present a static control-flow analysis for JavaScript programs running in a web browser. Our analysis tackles numerous challenges posed by modern web applications including asynchronous communication, frameworks, and dynamic code generation. We use our analysis to extract a model of expected client behavior as seen from the server, and build an intrusion-prevention proxy for the server: the proxy intercepts client requests and disables those that do not meet the expected behavior. We insert random asynchronous requests to foil mimicry attacks. Finally, we evaluate our technique against several real applications and show that it protects against an attack in a widely-used web application.
date: 2009-04
pagerange: 561-561
event_title: 18th International World Wide Web Conference
event_location: Madrid, Spain
event_dates: April 20th-24th, 2009
event_type: conference
refereed: TRUE
citation: Guha, Arjun and Krishnamurthi, Shriram and Jim, Trevor (2009) Using Static Analysis for Ajax Intrusion Detection. In: 18th International World Wide Web Conference, April 20th-24th, 2009, Madrid, Spain.
document_url: http://www2009.eprints.org/57/1/p561.pdf