• Title/Summary/Keyword: JAVA SCRIPT

Search Result 216, Processing Time 0.033 seconds

Event Modeling for Static Analysis of JavaScript Event Dispatch (자바스크립트의 이벤트 동작 분석을 위한 이벤트 모델링)

  • Ryou, Yeonhee;Ryu, Sukyoung
    • KIISE Transactions on Computing Practices
    • /
    • v.21 no.12
    • /
    • pp.751-755
    • /
    • 2015
  • Many JavaScript programs are event-driven in the sense that they heavily use event functions that take user inputs to manipulate program behaviors. Thus, in order to statically analyze event-driven JavaScript programs effectively and precisely, static analyzers should be able to understand and precisely analyze the behaviors of events in terms of how they are created and evaluated. In this paper, we describe several reasons why static analysis of event behaviors in JavaScript programs is particularly difficult, and present a new event modeling mechanism that can represent behaviors of events precisely and efficiently for effective analysis of event-based JavaScript programs.

Performance Evaluation of JavaScript Engines Using SunSpider Benchmarks (SunSpider 벤치마크를 통한 자바스크립트 엔진의 성능 평가)

  • Jung, Won-Ki;Lee, Seong-Won;Oh, Hyeong-Seok;Oh, Jin-Seok;Moon, Soo-Mook
    • Journal of KIISE:Computing Practices and Letters
    • /
    • v.16 no.6
    • /
    • pp.722-726
    • /
    • 2010
  • The recent deployment of RIA (Rich Internet Application) is often involved with the complex JavaScript code, which leads to the announcement of high performance JavaScript engines for its efficient execution. And the Sunspider benchmark is being widely used for the performance evaluation of these JavaScript engines. In this paper, we compare the execution methods of three high-performance JavaScript engines, Mozilla TraceMonkey, Google V8, and Apple SquirrelFish Extreme, and measure their performances using the SunSpider benchmark. We also evaluate the pros and cons of each engine, based on its execution method and the code characteristics of the SunSpider benchmarks.

JsSandbox: A Framework for Analyzing the Behavior of Malicious JavaScript Code using Internal Function Hooking

  • Kim, Hyoung-Chun;Choi, Young-Han;Lee, Dong-Hoon
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.6 no.2
    • /
    • pp.766-783
    • /
    • 2012
  • Recently, many malicious users have attacked web browsers using JavaScript code that can execute dynamic actions within the browsers. By forcing the browser to execute malicious JavaScript code, the attackers can steal personal information stored in the system, allow malware program downloads in the client's system, and so on. In order to reduce damage, malicious web pages must be located prior to general users accessing the infected pages. In this paper, a novel framework (JsSandbox) that can monitor and analyze the behavior of malicious JavaScript code using internal function hooking (IFH) is proposed. IFH is defined as the hooking of all functions in the modules using the debug information and extracting the parameter values. The use of IFH enables the monitoring of functions that API hooking cannot. JsSandbox was implemented based on a debugger engine, and some features were applied to detect and analyze malicious JavaScript code: detection of obfuscation, deobfuscation of the obfuscated string, detection of URLs related to redirection, and detection of exploit codes. Then, the proposed framework was analyzed for specific features, and the results demonstrate that JsSandbox can be applied to the analysis of the behavior of malicious web pages.

Runtime-Guard Coverage Guided Fuzzer Avoiding Deoptimization for Optimized Javascript Functions (최적화 컴파일된 자바스크립트 함수에 대한 최적화 해제 회피를 이용하는 런타임 가드 커버리지 유도 퍼저)

  • Kim, Hong-Kyo;Moon, Jong-sub
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.3
    • /
    • pp.443-454
    • /
    • 2020
  • The JavaScript engine is a module that receives JavaScript code as input and processes it, among many functions that are loaded into web browsers and display web pages. Many fuzzing test studies have been conducted as vulnerabilities in JavaScript engines could threaten the system security of end-users running JavaScript through browsers. Some of them have increased fuzzing efficiency by guiding test coverage in JavaScript engines, but no coverage guided fuzzing of optimized, dynamically generated machine code was attempted. Optimized JavaScript codes are difficult to perform sufficient iterative testing through fuzzing due to the function of runtime guards to free the code in the event of exceptional control flow. To solve these problems, this paper proposes a method of performing fuzzing tests on optimized machine code by avoiding deoptimization. In addition, we propose a method to measure the coverage of runtime-guards by the dynamic binary instrumentation and to guide increment of runtime-guard coverage. In our experiment, our method has outperformed the existing method at two measures: runtime coverage and iteration by time.

Implementation of Java Web Server for Web Lecture Script (Web Lecture Script를 위한 Java Web Server 구현)

  • Hwang, Hyo-Sun;Kim, Eun-Young;Kim, Hye-Yeon;Han, Ji-Seon;Cho, Dong-Sub
    • Proceedings of the KIEE Conference
    • /
    • 1999.07g
    • /
    • pp.2965-2967
    • /
    • 1999
  • 본 논문에서는 Web Lecture script를 정의하고 이를 효과적으로 운영하기 위한 Java Web Server를 설계 구현하였다. Web Lecture Script란 강의록, 문제출제, 문제 평가, 숙제 제출, 자료실, 토론방 등의 가상 대학 환경을 편리하게 구축하기 위해서 데이터베이스 및 파일의 접근을 Web 환경의 script막을 사통하여 구현할 수 있도록 정의한 것이다. Lecture시스템은 사용자에게 정형화된 포맷이 많이 쓰이기 때문에 script로 정형화된 형태의 인터페이스가 적합하며, 실제적인 구현이 Jaya로 이루어지기 때문에 확장의 범위가 크다. Web Server는 이러한 Lecture Script를 사용자에게 제공하기 위한 Script Engine을 포함하고 있어야 하는데, 이러한 Script Engine이 Web Server라 어떻게 상호작용 하는가에 따라 성능이 좌우된다. 상호 작용하는 방법에는 Script Engine이 Web Server 자체에 포함될 경우, 독립적인 프로세서를 띄워서 처리하는 방법 스크립트만을 처리하는 별도의 서버를 두어 처리를 전환하는 방법이 있다. 따라서 Lecture Script 처리 Engine은 여러 방법으로 구현하고 성능을 비교하여 보다 효과적인 서버를 제안하고자 한다.

  • PDF

Low-Power Encryption Algorithm Block Cipher in JavaScript

  • Seo, Hwajeong;Kim, Howon
    • Journal of information and communication convergence engineering
    • /
    • v.12 no.4
    • /
    • pp.252-256
    • /
    • 2014
  • Traditional block cipher Advanced Encryption Standard (AES) is widely used in the field of network security, but it has high overhead on each operation. In the 15th international workshop on information security applications, a novel lightweight and low-power encryption algorithm named low-power encryption algorithm (LEA) was released. This algorithm has certain useful features for hardware and software implementations, that is, simple addition, rotation, exclusive-or (ARX) operations, non-Substitute-BOX architecture, and 32-bit word size. In this study, we further improve the LEA encryptions for cloud computing. The Web-based implementations include JavaScript and assembly codes. Unlike normal implementation, JavaScript does not support unsigned integer and rotation operations; therefore, we present several techniques for resolving this issue. Furthermore, the proposed method yields a speed-optimized result and shows high performance enhancements. Each implementation is tested using various Web browsers, such as Google Chrome, Internet Explorer, and Mozilla Firefox, and on various devices including personal computers and mobile devices. These results extend the use of LEA encryption to any circumstance.

Automatic Alignment System for Group Schedule of Event-based Real-time Response Web Processing using Node.js

  • Kim, Hee-Wan
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology
    • /
    • v.11 no.1
    • /
    • pp.26-33
    • /
    • 2018
  • A web application running on the Internet is causing many difficulties for a program developer, and it requires to process multiple sessions at the same time due to the occurrence of excessive traffic. Web applications should be able to process concurrent requests efficiently and in real time. Node.js is a single-threaded server-side JavaScript environment implemented in C and C ++ as one of the latest frameworks to implement event models across the entire stack. Nodes implement JavaScript quickly and robust to achieve the best performance using a JavaScript V8 engine developed by Google. In this paper, it will be explained the operation principle of Node.js, which is a lightweight real-time web server that can be implemented in JavaScript for real-time responsive web applications. In addition, this application was practically implemented through automatic alignment system for group scheduling to demonstrate event-based real-time response web processing.

Development of Branch Processing System Using WebAssembly and JavaScript

  • Choi, Moon-Hyuk;Moon, Il-Young
    • Journal of information and communication convergence engineering
    • /
    • v.17 no.4
    • /
    • pp.234-238
    • /
    • 2019
  • Existing web applications and services have historically been implemented using JavaScript. However, new technologies such as artificial intelligence, the Internet of Things, and Big Data are being developed as part of the Fourth Industrial Revolution. With the definition of the HTML5 web standard, services (such as the technologies mentioned above) that were previously not available through the Web become available. These services, however, need to have the same performance as native applications, and implementing these services will require new technologies. Therefore, additional tools that can work on the Web with native performance are needed. In this paper, a system for branching processing was established using JavaScript and WebAssembly, a language that can operate on the Web. This system performs user requests in advance, and requests are branched in a language that produces faster results. Therefore, a service capable of quick response times can be implemented.

JavaScript Error Detection System Using Node.js (Node.js를 이용한 자바스크립트 에러 감지 시스템)

  • Ju-Hwan Park;Sung Jin Kim;Young Hyun Yoon;Jai Soon Baek
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • 2023.07a
    • /
    • pp.263-264
    • /
    • 2023
  • 본 연구에서는 JavaScript와 Node.js를 활용하여 대용량 트래픽을 처리하는 웹 에러 모니터링 시스템을 개발했다. Node.js의 비동기식 I/O 처리와 이벤트 기반 아키텍처를 활용하여 높은 처리량과 확장성을 제공하며, Express 프레임워크를 사용하여 개발 편의성을 높였다. 에러 내용은 MySQL 데이터베이스에 저장되고, 클라이언트에서 요청할 때 JavaScript를 삽입하여 에러 정보를 전송한다. 이를 통해 웹 에러 모니터링 시스템은 실시간으로 에러를 분석하고 모니터링할 수 있다. 또한, Chart.js를 활용하여 시각화된 에러 현황을 사용자에게 제공한다. 이를 통해 개발자들은 웹사이트의 안정성을 향상시키고 사용자들에게 원활한 경험을 제공할 수 있게 되었다.

  • PDF