Insecure Javascript Detection And Analysis Based On Browser-Enforced Embedded Rules

The browser is an important platform through which users interact with Internet as a client application program. At present, many malicious attacks taking place on line are associated with browsers, which do great damage to the users’security. Besides, Web2.0applications’friendly interface, plenty of functions and high practicality endear it to developers and users. The characteristics of Web2.0applications are that they allow accepting an untrusted source and putting plenty of computing works in the client side. With this trend, attackers have gradually shifted the attack space for their exploits from the server-side to the client-side logic. However, the current development of Web security technology has lagged far behind the applied technology, it makes attacks on Web applications frequently, and the JavaScript language has been much exploited by malicious parties to launch browser-based attacks.This paper we put forward an approach to control JavaScript execution with security inspection rules, and make sure that the browser is secure. The aim is to prevent or modify inappropriate behavior caused by malicious injected scripts. The protection mechanisms (security inspection rules) are embedded into the code automatically with GreaseMonkey and intercept security relevant events before they are executed. To detect the malicious behavior of codes, we don’t need to carry out the static analysis of JavaScript code, just compare the execution to high-level inspection rules. While visiting the website the system inserts the security inspection rules into the website automatically to analyze the potential safety hazard, and the log information of auditing can be saved in a local file on the client as well.The implementation of security inspection rules adopts the technology of the aspect-oriented programming. The challenges of creating security inspection rules come from the nature of the JavaScript language:any variables in the scope of the program can be redefined, and code can be created and run on-the-fly. This creates potential problems, respectively, for tamper-proofing the protection mechanism, and for ensuring that no security relevant events bypass the protection. Unlike previous approaches, the solution we propose is lightweight. First, it does not require a modified browser, and second it does not require any run-time parsing and transformation of code, including dynamically generated code. In addition, in this paper we evaluate our system against several real web applications at last, show that it does not require modifying the codes of browser, and it can protect against a variety of common malicious attacks effectively. Comparing with other systems, our system has low run-time overhead.