WIDE Paper-List in 2010





  Towards Revealing JavaScript Program Intents using Abstract Interpretation
                      wide-paper-swan-aintec2010-00.txt









                     WIDE Project: http://www.wide.ad.jp/
                 If you have any comments on WIDE documents,
                     please contact to board@wide.ad.jp.

Title: Towards Revealing JavaScript Program Intents using Abstract Interpretation
Author(s): 
   Gregory Blanc,
   Youki Kadobayashi
Date: 2010-12-15

url:        
x-wide-wgnames: SWAN
keywords: Web 2.0, JavaScript malware, Client-side, Abstract Interpretation
references: 
summary_ja: |
summary: | Everyday, millions of Internet users access AJAX-powered web applications. 
However, such richness is prone to security issues. In particular, Web 2.0 attacks are 
difficult to detect and block since it is similar to legitimate traffic.
As a ground for our research, we review past related works and explain what might be 
missing to tackle Web 2.0 security issues. Especially, we show that tackling AJAX-based 
attacks often lacks a context that can only be conveyed during real-time analysis.
In our research, we advocate the usage of abstract interpreta- tion of JavaScript code 
to provide maximum coverage and to ensure completeness. Besides, we introduce a 
proxy-based proposal to provide analysis of JavaScript malware. 
misc:

@inproceedings{bla:aintec2010,
   author = {Gregory Blanc and Youki Kadobayashi},
   title = {Towards Revealing JavaScript Program Intents using Abstract Interpretation},
   booktitle = {6th Asian Internet Engineering Conference (AINTEC 2010)},
   month = {November},
   year = {2010},
}