An Architecture for Enforcing JavaScript Randomization in Web2.0 Applications

Download Now Date Added: Sep 2010
Format: PDF

Instruction Set Randomization (ISR) is a promising technique for preventing code-injection attacks. In this paper the authors present a complete randomization framework for JavaScript aiming at detecting and preventing Cross-Site Scripting (XSS) attacks. RaJa randomizes JavaScript source without changing the code structure. Only JavaScript identifiers are carefully modified and the randomized code can be mixed with many other programming languages. Thus, RaJa can be practically deployed in existing web applications, which intermix server-side, client-side and markup languages.