DTA technique for JavaScript optimizing compilation mode
LIANG Bin1,2, GONG Weigang1,2, YOU Wei1,2, LI Zan1,2, SHI Wenchang1,2
1. Key Laboratory of Data Engineering and Knowledge Engineering (Renmin University of China) of Ministry of Education, Beijing 100872, China;
2. School of Information, Renmin University of China, Beijing 100872, China
Abstract: Mainstream JavaScript engines have introduced optimizing compilers. These compilers generate more efficient executable code for frequently run functions, but they also bring new challenges to dynamic taint analysis (DTA) methods implemented via dynamic instrumentation. This paper focuses on HTML5-based hybrid Android apps and presents a dynamic taint analysis method, based on dynamic instrumentation, for the optimizing compiler of the V8 JavaScript engine. In this method, a taint box object stores the taint tags, and the taint tracking code is instrumented at the Hydrogen level of the optimizing compiler. Tests show that this dynamic taint analysis technique effectively tracks taint information flow through the optimizing compiler with acceptable performance overhead.