首页 | 本学科首页   官方微博 | 高级检索  
     

JavaScript引擎漏洞检测方法综述
引用本文:林宏阳,彭建山,赵世斌,朱俊虎,许航. JavaScript引擎漏洞检测方法综述[J]. 计算机工程与应用, 2019, 55(11): 16-24. DOI: 10.3778/j.issn.1002-8331.1811-0174
作者姓名:林宏阳  彭建山  赵世斌  朱俊虎  许航
作者单位:数字工程与先进计算国家重点实验室,郑州,450002;数字工程与先进计算国家重点实验室,郑州,450002;数字工程与先进计算国家重点实验室,郑州,450002;数字工程与先进计算国家重点实验室,郑州,450002;数字工程与先进计算国家重点实验室,郑州,450002
摘    要:由于语言特性导致的JavaScript引擎漏洞是当今应用软件软件安全的重要威胁之一,攻击者通常间接利用JavaScript引擎漏洞造成远程命令执行,获得系统的控制权。介绍了引擎的基本信息,对引擎中经常出现的漏洞进行了分类,分别综述了静态和动态分析检测的基本步骤和发展脉络,提出了针对JavaScript引擎漏洞的检测基本框架,讨论了制约检测效率瓶颈问题以及可能的解决方法,结合最新的技术应用指出了未来的发展趋势和亟待解决的问题。

关 键 词:JavaScript引擎漏洞检测  类型混淆  静态分析  模糊测试

Survey on JavaScript Engine Vulnerability Detection
LIN Hongyang,PENG Jianshan,ZHAO Shibin,ZHU Junhu,XU Hang. Survey on JavaScript Engine Vulnerability Detection[J]. Computer Engineering and Applications, 2019, 55(11): 16-24. DOI: 10.3778/j.issn.1002-8331.1811-0174
Authors:LIN Hongyang  PENG Jianshan  ZHAO Shibin  ZHU Junhu  XU Hang
Affiliation:State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450002, China
Abstract:JavaScript engine vulnerabilities caused by language features is one of the important threats to the security of today’s software. Attackers often use JavaScript engine vulnerabilities to demonstrate remote code execution and gain controllability of the operating system. This paper introduces the basic information of the JavaScript engine, classifies the vulnerabilities that often appear in the engine, and summarizes the basic steps and development of static and dynamic analysis methods. Then it proposes the basic framework for detecting vulnerabilities in JavaScript engines, and discusses the detection efficiency, bottlenecks and possible solutions. At last, it points out future trends and some issues.
Keywords:JavaScript engine vulnerability detection  type confusion  static analysis  fuzzing  
本文献已被 万方数据 等数据库收录!
点击此处可从《计算机工程与应用》浏览原始摘要信息
点击此处可从《计算机工程与应用》下载免费的PDF全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号