Mainstream JavaScript execution engines now include an optimizing compilation mode to improve performance: frequently run hot functions are just-in-time compiled with optimizations. Introducing this optimizing mode creates new challenges for dynamic taint analysis (DTA) of JavaScript programs implemented through dynamic instrumentation. To address this problem, this paper targets HTML5 hybrid Android applications and, by modifying the V8 JavaScript engine they use, implements a dynamic-instrumentation-based dynamic taint analysis method for the optimizing compilation mode. The method stores taint tags in taint box objects and performs the instrumentation at the level of the optimizing compiler's Hydrogen intermediate code. Experimental results show that the method effectively tracks taint under the optimizing compilation mode, with acceptable performance overhead.
Abstract
Mainstream JavaScript engines have introduced optimizing compilers. These compilers generate more efficient executable code for frequently run functions, but they bring new challenges to dynamic taint analysis (DTA) methods implemented via dynamic instrumentation. This paper focuses on HTML5-based hybrid Android apps and presents a dynamic taint analysis method for the optimizing compiler in the V8 JavaScript engine using dynamic instrumentation. In this method, a taint box object is used to store the taint tags, and the taint tracking code is instrumented at the Hydrogen level of the optimizing compiler. Tests show that this dynamic taint analysis technique effectively tracks the taint information flow through the optimizing compiler with acceptable performance overhead.
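The abstract describes two mechanisms: a taint box object that carries taint tags alongside a value, and propagation rules inserted by instrumentation so that every operation on a boxed value yields a boxed result. The following is an added illustration written for this page, not code from the paper or from V8: it models the taint box and its propagation rules in plain JavaScript at the source level, where they can be run and inspected, rather than at the Hydrogen IR level where the paper instruments them. The `TaintBox` class, the `box`/`unbox`/`binop`/`sink` helpers, the tag name `deviceId` and the sample values are all assumptions constructed for the example.

```javascript
// Added example: a source-level model of taint box propagation.
// The paper stores tags in an engine-level box object and instruments
// propagation in V8's Hydrogen IR; here the same rules are written in
// ordinary JavaScript so the information flow can be observed directly.

class TaintBox {
  constructor(value, tags) {
    this.value = value;            // the underlying primitive value
    this.tags = new Set(tags);     // set of taint labels attached to it
  }
}

// Mark a value as coming from a taint source (e.g. a privacy-sensitive API).
function box(value, tag) {
  return new TaintBox(value, [tag]);
}

// Strip the box to get the raw value an ordinary operator would see.
function unbox(v) {
  return v instanceof TaintBox ? v.value : v;
}

// Tags of a value; untainted values carry none.
function tagsOf(v) {
  return v instanceof TaintBox ? v.tags : new Set();
}

// Propagation rule for a binary operation: the result is tainted with the
// union of the operands' tags. This is the rule instrumentation must enforce
// at every arithmetic/string operation, optimized code included.
function binop(op, a, b) {
  const tags = new Set([...tagsOf(a), ...tagsOf(b)]);
  const result = op(unbox(a), unbox(b));
  return tags.size > 0 ? new TaintBox(result, tags) : result;
}

const add = (a, b) => binop((x, y) => x + y, a, b);

// Unary operations propagate the operand's tags unchanged.
function unop(op, a) {
  const tags = tagsOf(a);
  const result = op(unbox(a));
  return tags.size > 0 ? new TaintBox(result, tags) : result;
}

const upper = (a) => unop((x) => String(x).toUpperCase(), a);

// A sink (e.g. a network send) reports whether tainted data reached it.
function sink(name, v) {
  return {
    sink: name,
    value: unbox(v),
    tainted: tagsOf(v).size > 0,
    tags: [...tagsOf(v)].sort(),
  };
}

// Hot-loop scenario: the same function body runs many times, as the
// functions an optimizing compiler would pick for JIT compilation do.
// Taint must survive every iteration, not only the interpreted ones.
function buildPayload(deviceId, iterations) {
  let payload = "";
  for (let i = 0; i < iterations; i++) {
    payload = add(add("id=", upper(deviceId)), ";");
  }
  return payload;
}

function demo() {
  // Constructed sample: a device identifier treated as a taint source.
  const deviceId = box("abc-123-constructed", "deviceId");
  const taintedReport = sink("network", buildPayload(deviceId, 10000));
  const cleanReport = sink("network", buildPayload("public-value", 10000));
  return { taintedReport, cleanReport };
}

console.log(JSON.stringify(demo(), null, 2));
```

The model makes the paper's central requirement concrete: the propagation rule in `binop`/`unop` must be applied uniformly, and a compiler that optimizes `buildPayload` after a few thousand iterations must still produce a boxed result, otherwise the `network` sink would report the device identifier as clean.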
Keywords
optimizing compilation /
dynamic taint analysis (DTA) /
JavaScript
Key words
optimizing compilation /
dynamic taint analysis (DTA) /
JavaScript