Electrical Engineering
      and Computer Sciences

Electrical Engineering and Computer Sciences

COLLEGE OF ENGINEERING

UC Berkeley

   

2010 Research Summary

JavaScript Heap Analysis

View Current Project Information

Joel Weinberger, Adam Barth and Dawn Song

Our goal is to exam vulnerabilities in JavaScript and JavaScript applications using heap analysis. We have developed a novel technique to exam relationships on objects in the JavaScript heap. Using heap analysis, we have built several tools inside of real web browsers to analyze their treatment of the JavaScript heap. Our initial work focused on the implementation of JavaScript and vulnerabilities that arise from bugs and mistakes in the implementation.[1] However, we have begun to focus on other applications, such as safe JavaScript subsets like ADSafe for web advertisements.

[1]
Cross-Origin JavaScript Capability Leaks: Detection Exploitation and Defense. USENIX Security Symposium, 2009.