| Web applications are under the threat of malicious host problem. How to ensure the core algorithm or main business process’s security of Web applications has been a serious problem needed to be solved. For the problem of weak effectiveness to resist dynamic analysis and cumulative attack in present JavaScript code protection methods, a JavaScript code protection method with temporal diversity was proposed, called TDJSP. Firstly, the method constructed variant execution paths with equivalent semantics and scheduled them dynamically. What’s more, the method added the self-modification mechanism based on the runtime environment’s features inspection to the program to provide the long-term protection.The research of TDJSP includes following four parts:(1) The construction method of diversity. It means to construct multiple execution paths with equivalent semantics making the program obtain the diverse ability to improve the difficulty of cumulative attack. It used various obfuscation algorithms and combined them with random selection of security codes and its location.(2) The dynamical scheduling on diversity. In order to make the program obtain the ability of choosing variant execution paths during the runtime, the method scheduled the multi-paths dynamically by constructing the diversity controller which is based on the DFA.(3) The self-modification mechanism based on runtime environment inspection.Firstly, the method detected the features of JavaScript runtime environment. Secondly, it built the implicit response mechanism based on the self-modification technique to prevent dynamic analysis.(4) The implementation of TDJSP’s prototype. According to the experiment results, TDJSP is effective and applicable for JavaScript code protection. |
PDF Full Text Request