Show simple item record

Detecting runtime anomalies in AJAX applications through trace analysis

dc.contributor.authorStuckman, Jeffrey
dc.contributor.authorPurtilo, James
dc.description.abstractAJAX applications are prone to security vulnerabilities due to the ease of inadvertently entrusting the client with security-critical logic. We characterize exploits of such vulnerabilities as violations of a protocol implicitly defined in the client-side code, and we introduce a method to detect and prevent these protocol violations in middleware, without having to modify the original application. We accomplish this by instrumenting the client code to send fragments of execution traces to the server, allowing the server to efficiently prove that the incoming message complies with the protocol. By combining replay execution and constraint solving, our method exploits the componentized structure of applications to minimize the server computing power and network bandwidth required to monitor them. A prototype running on the Google Web Toolkit platform demonstrates our method.en_US
dc.relation.ispartofseriesUM Computer Science Department;CS-TR-4989
dc.titleDetecting runtime anomalies in AJAX applications through trace analysisen_US
dc.typeTechnical Reporten_US

Files in this item


This item appears in the following Collection(s)

Show simple item record