| JavaScript引擎漏洞检测方法综述 |
| |
| 引用本文: | 林宏阳,彭建山,赵世斌,朱俊虎,许航. JavaScript引擎漏洞检测方法综述[J]. 计算机工程与应用, 2019, 55(11): 16-24. DOI: 10.3778/j.issn.1002-8331.1811-0174 |
| |
| 作者姓名: | 林宏阳 彭建山 赵世斌 朱俊虎 许航 |
| |
| 作者单位: | 数字工程与先进计算国家重点实验室,郑州,450002;数字工程与先进计算国家重点实验室,郑州,450002;数字工程与先进计算国家重点实验室,郑州,450002;数字工程与先进计算国家重点实验室,郑州,450002;数字工程与先进计算国家重点实验室,郑州,450002 |
| |
| 摘 要: | 由于语言特性导致的JavaScript引擎漏洞是当今应用软件软件安全的重要威胁之一,攻击者通常间接利用JavaScript引擎漏洞造成远程命令执行,获得系统的控制权。介绍了引擎的基本信息,对引擎中经常出现的漏洞进行了分类,分别综述了静态和动态分析检测的基本步骤和发展脉络,提出了针对JavaScript引擎漏洞的检测基本框架,讨论了制约检测效率瓶颈问题以及可能的解决方法,结合最新的技术应用指出了未来的发展趋势和亟待解决的问题。
|
| 关 键 词: | JavaScript引擎漏洞检测 类型混淆 静态分析 模糊测试 |
Survey on JavaScript Engine Vulnerability Detection |
| |
| LIN Hongyang,PENG Jianshan,ZHAO Shibin,ZHU Junhu,XU Hang. Survey on JavaScript Engine Vulnerability Detection[J]. Computer Engineering and Applications, 2019, 55(11): 16-24. DOI: 10.3778/j.issn.1002-8331.1811-0174 |
| |
| Authors: | LIN Hongyang PENG Jianshan ZHAO Shibin ZHU Junhu XU Hang |
| |
| Affiliation: | State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450002, China |
| |
| Abstract: | JavaScript engine vulnerabilities caused by language features is one of the important threats to the security of today’s software. Attackers often use JavaScript engine vulnerabilities to demonstrate remote code execution and gain controllability of the operating system. This paper introduces the basic information of the JavaScript engine, classifies the vulnerabilities that often appear in the engine, and summarizes the basic steps and development of static and dynamic analysis methods. Then it proposes the basic framework for detecting vulnerabilities in JavaScript engines, and discusses the detection efficiency, bottlenecks and possible solutions. At last, it points out future trends and some issues. |
| |
| Keywords: | JavaScript engine vulnerability detection type confusion static analysis fuzzing |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与应用》浏览原始摘要信息 |
|
点击此处可从《计算机工程与应用》下载免费的PDF全文 |
|
