Detecting runtime anomalies in AJAX applications through trace analysis

Simple item page
dc.contributor.authorStuckman, Jeffrey
dc.contributor.authorPurtilo, James
dc.date.accessioned2011-10-01T15:38:05Z
dc.date.available2011-10-01T15:38:05Z
dc.date.issued2011-08-24
dc.description.abstractAJAX applications are prone to security vulnerabilities due to the ease of inadvertently entrusting the client with security-critical logic. We characterize exploits of such vulnerabilities as violations of a protocol implicitly defined in the client-side code, and we introduce a method to detect and prevent these protocol violations in middleware, without having to modify the original application. We accomplish this by instrumenting the client code to send fragments of execution traces to the server, allowing the server to efficiently prove that the incoming message complies with the protocol. By combining replay execution and constraint solving, our method exploits the componentized structure of applications to minimize the server computing power and network bandwidth required to monitor them. A prototype running on the Google Web Toolkit platform demonstrates our method.en_US
dc.identifier.urihttp://hdl.handle.net/1903/11859
dc.language.isoen_USen_US
dc.relation.ispartofseriesUM Computer Science Department;CS-TR-4989
dc.titleDetecting runtime anomalies in AJAX applications through trace analysisen_US
dc.typeTechnical Reporten_US

Files

Original bundle
Now showing 1 - 1 of 1
Thumbnail Image
Name:
CS-TR-4989.pdf
Size:
238.68 KB
Format:
Adobe Portable Document Format
Download
License bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
1.57 KB
Format:
Item-specific license agreed upon to submission
Description:
Download

Collections

Technical Reports of the Computer Science Department