Detecting runtime anomalies in AJAX applications through trace analysis
Detecting runtime anomalies in AJAX applications through trace analysis
Files
Publication or External Link
Date
2011-08-24
Authors
Stuckman, Jeffrey
Purtilo, James
Advisor
Citation
DRUM DOI
Abstract
AJAX applications are prone to security vulnerabilities due to the ease
of inadvertently entrusting the client with security-critical logic. We
characterize exploits of such vulnerabilities as violations of a
protocol implicitly defined in the client-side code, and we introduce a
method to detect and prevent these protocol violations in middleware,
without having to modify the original application. We accomplish this by
instrumenting the client code to send fragments of execution traces to
the server, allowing the server to efficiently prove that the incoming
message complies with the protocol. By combining replay execution and
constraint solving, our method exploits the componentized structure of
applications to minimize the server computing power and network
bandwidth required to monitor them. A prototype running on the Google
Web Toolkit platform demonstrates our method.