Detecting runtime anomalies in AJAX applications through trace analysis

Loading...
Thumbnail Image

Files

CS-TR-4989.pdf (238.68 KB)
No. of downloads: 833

Publication or External Link

Date

2011-08-24

Advisor

Citation

DRUM DOI

Abstract

AJAX applications are prone to security vulnerabilities due to the ease of inadvertently entrusting the client with security-critical logic. We characterize exploits of such vulnerabilities as violations of a protocol implicitly defined in the client-side code, and we introduce a method to detect and prevent these protocol violations in middleware, without having to modify the original application. We accomplish this by instrumenting the client code to send fragments of execution traces to the server, allowing the server to efficiently prove that the incoming message complies with the protocol. By combining replay execution and constraint solving, our method exploits the componentized structure of applications to minimize the server computing power and network bandwidth required to monitor them. A prototype running on the Google Web Toolkit platform demonstrates our method.

Notes

Rights