http://dx.doi.org/10.3745/KIPSTC.2012.19C.1.047

Detecting Malicious Scripts in Web Contents through Remote Code Verification  

Choi, Jae-Yeong (Department of Computer Engineering, University of Incheon)
Kim, Sung-Ki (Division of IT Education, Sun Moon University)
Lee, Hyuk-Jun (Department of Computer Engineering, University of Incheon)
Min, Byoung-Joon (Department of Computer Engineering, University of Incheon)
Abstract
Sharing cross-site resources has been adopted by many recent websites in the form of service mashups and social network services. With this change, exploitation of new vulnerabilities is increasing: instead of attacking websites directly, attackers insert malicious code at the interaction points between clients and services. In this paper, we present a system model that identifies malicious script code in web contents by means of remote verification while the web contents downloaded from multiple trusted origins are executed in the client's browser space. Our system classifies verification items according to the origin of the request, based on information about the service code implementation, and stores the verification results in three databases: a white list, a gray list, and a black list. Through experimental evaluation, we have confirmed that our system provides clients with increased security by effectively detecting malicious scripts in the mashup web environment.
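As an added illustration (not code from the paper or its prototype), the following Python model sketches the verification flow the abstract describes: a remote verifier keeps white, gray and black lists keyed by the requesting origin and a digest of the script, so the same script content arriving from an untrusted origin is a different verification item, and unknown items are held in the gray list until analysis resolves them. The class and function names, the SHA-256 keying and the sample script are assumptions made for this example.

```python
import hashlib


class RemoteVerifier:
    """Verification service with white, gray and black lists keyed by
    (origin, script digest); the request origin selects which registered
    service code the script is checked against (hypothetical model)."""

    def __init__(self):
        self.white = set()   # (origin, digest) confirmed benign
        self.black = set()   # (origin, digest) confirmed malicious
        self.gray = {}       # (origin, digest) -> times seen, awaiting analysis

    @staticmethod
    def digest(script: str) -> str:
        return hashlib.sha256(script.encode("utf-8")).hexdigest()

    def register_service_code(self, origin: str, scripts) -> None:
        """A trusted origin publishes digests of the scripts it deploys;
        they become white-list entries for that origin only."""
        for script in scripts:
            self.white.add((origin, self.digest(script)))

    def verify(self, origin: str, script: str) -> str:
        key = (origin, self.digest(script))
        if key in self.black:
            return "black"
        if key in self.white:
            return "white"
        self.gray[key] = self.gray.get(key, 0) + 1  # unknown: hold for analysis
        return "gray"

    def resolve(self, origin: str, script: str, malicious: bool) -> None:
        """Analysis of a gray item moves it to the black or white list."""
        key = (origin, self.digest(script))
        self.gray.pop(key, None)
        (self.black if malicious else self.white).add(key)


def client_decision(verdict: str) -> str:
    """Client-side policy applied before a downloaded script is executed."""
    return {"white": "execute", "gray": "hold", "black": "block"}[verdict]


# Constructed sample: one trusted mashup origin with its deployed widget script.
WIDGET_ORIGIN = "https://widgets.example"
WIDGET_SCRIPT = "render(document.getElementById('w'));"
verifier = RemoteVerifier()
verifier.register_service_code(WIDGET_ORIGIN, [WIDGET_SCRIPT])
```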
Keywords
Detection of Malicious Scripts; Remote Code Verification; White List; Black List