An Architecture for Enforcing JavaScript Randomization in Web2.0 Applications

Instruction Set Randomization (ISR) is a promising technique for preventing code-injection attacks. In this paper the authors present a complete randomization framework for JavaScript aiming at detecting and preventing Cross-Site Scripting (XSS) attacks. RaJa randomizes JavaScript source without changing the code structure. Only JavaScript identifiers are carefully modified and the randomized code can be mixed with many other programming languages. Thus, RaJa can be practically deployed in existing web applications, which intermix server-side, client-side and markup languages.

Provided by: FOUNDATION FOR RESEARCH & TECHNOLOGY Topic: Software Date Added: Sep 2010 Format: PDF

Find By Topic