%0 Journal Article
%T Dynamic taint tracking in JavaScript using revised code
%A 王伟平
%A 柏军洋
%A 张玉婵
%A 王建新
%J 清华大学学报(自然科学版)
%D 2016
%R 10.16511/j.cnki.qhdxxb.2016.21.063
%X With the rapid development of Web technology, JavaScript is used ever more widely, especially in Web applications that need fast and timely responses, and this has given rise to many security problems. This paper proposes JSTA, a dynamic taint tracking method for JavaScript based on code rewriting. The rewritten JavaScript code taint-marks and tracks sensitive data as it executes, so that sensitive data leakage is detected promptly and an alert is raised. Unlike previous work, JSTA is implemented independently of the JavaScript engine and can be applied to multiple browsers. Test results show that JSTA can effectively track sensitive data and detect sensitive data leakage.
Abstract: The rapid development of the web has led to increasing use of JavaScript, especially in websites requiring rapid responses between the web server and the client, which has led to many security problems. This paper presents a dynamic taint tracking method based on a revised JavaScript code. The revised code can mark and track sensitive data transmission paths during JavaScript execution and warn the user of possible leakage of the marked sensitive data. This implementation is independent of the JavaScript engine and can be used in a variety of browsers. Tests show that this method can effectively track sensitive data and detect abnormal behavior.
%K sensitive data
%K dynamic taint tracking
%K JavaScript
%U http://jst.tsinghuajournals.com/CN/Y2016/V56/I9/956