• Title/Summary/Keyword: java script

Tunable Static Analysis Framework for JavaScript Applications (확장성을 조절할 수 있는 자바스크립트 앱 정적 분석 프레임워크)

  • Ko, Yoonseok;Ryu, Sukyoung
    • Journal of KIISE / v.42 no.11 / pp.1404-1409 / 2015
  • In this paper, we present a novel approach to analyzing large-scale JavaScript applications statically by tuning the analysis scalability, possibly sacrificing soundness. For a given sound static baseline analysis of JavaScript programs, our framework allows users to define a sound approximation of selected executions that they wish to analyze, and it derives a tuned static analysis that can analyze the selected executions practically. The selected executions serve as parameters of the framework by taking a trade-off between the scalability and the soundness of the derived analyses. We formally describe our framework in the abstract interpretation setting and present two instances of the framework.

Semantics-Preserving Mutation-Based Fuzzing on JavaScript Interpreters (자바스크립트 엔진에 대한 시맨틱 보존적 변이기반 퍼징)

  • Oh, DongHyeon;Choi, JaeSeung;Cha, SangKil
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.4 / pp.573-582 / 2020
  • Fuzzing is a method of testing software by randomly generating test cases. Since its introduction, a variety of fuzzing techniques have been studied. Among them, mutation-based fuzzing is an efficient method that finds real-world bugs even though it uses a simple approach such as probabilistic bit-flipping and character substitution. However, general mutation techniques are difficult to apply to interpreter fuzzing because the interpreter requires input values that are grammatically and semantically correct. In this paper, we present a novel mutation-based fuzzing technique for JavaScript interpreters that uses dynamic data flow analysis. To this end, we implement JMFuzzer, which considers syntax and semantics to generate various types of mutated test cases that run normally, without runtime errors, in a JavaScript interpreter. As a result, we found numerous unknown vulnerabilities in the latest JavaScript interpreters. We reported all of them to the vendors.

Mobile Art Park Guidance Application using Mobile MAP Open API

  • Jwa, Jeong-Woo;Ko, Sang-Bo;Lee, Deuk-Woo
    • International Journal of Contents / v.7 no.2 / pp.11-16 / 2011
  • In this paper, we develop a mobile MAP open API using HTML5 local storage and the W3C geolocation API. The mobile MAP open API consists of the basic JavaScript MAP API, offline navigation API, and multimedia POI (mPOI) API. The basic JavaScript MAP API creates a map and controls, rotates, and overlays data on the map. The offline navigation API is developed using HTML5 local storage and web storage. The mobile web application downloads and stores mPOIs of works of art to local storage or web storage from a web server. The mPOI API is developed using HTML5 video and audio APIs. We develop a mobile art park guidance application using the developed mobile MAP open API.

Analysis and Application of Front-End Code Playground Tools for Web Programming Education

  • Aaron Daniel Snowberger;Semin Kim;SungHee Woo
    • Journal of Practical Engineering Education / v.16 no.1_spc / pp.11-19 / 2024
  • Web programming courses are often included in university Computer Science programs as introductory and foundational computer programming courses. However, amateur programmers often have difficulty learning how to integrate HTML, CSS, JavaScript, and various preprocessors or libraries to create websites. Additionally, many web programming mistakes do not produce visible output in the browser. Therefore, in recent years, Front-End Code Playground (FECP) tools that incorporate HTML, CSS, and JavaScript into a single, online web-based application have become popular. These tools allow web coding to happen directly in the browser and provide immediate visual feedback to users. Such immediate visual feedback can be particularly beneficial for amateur coders to learn and practice with. Therefore, this study gathers data on various FECP tools, compares their differences, and provides an analysis of how such tools benefit students. This study concludes with an outline of the application of FECP to web programming courses to enhance the learning experience.

Detecting Security Vulnerabilities in TypeScript Code with Static Taint Analysis (정적 오염 분석을 활용한 타입스크립트 코드의 보안 취약점 탐지)

  • Moon, Taegeun;Kim, Hyoungshick
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.2 / pp.263-277 / 2021
  • Taint analysis techniques are popularly used to detect web vulnerabilities originating from unverified user input data, such as Cross-Site Scripting (XSS) and SQL Injection, in web applications written in JavaScript. To detect such vulnerabilities, it would be necessary to trace variables affected by user-submitted inputs. However, because of the dynamic nature of JavaScript, it has been a challenging issue to identify those variables without running the web application code. Therefore, most existing taint analysis tools have been developed based on dynamic taint analysis, which requires the overhead of running the target application. In this paper, we propose a novel static taint analysis technique using symbol information obtained from the TypeScript (a superset of JavaScript) compiler to accurately track data flow and detect security vulnerabilities in TypeScript code. Our proposed technique allows developers to annotate variables that can contain unverified user input data, and uses the annotation information to trace variables and data affected by user input data. Since our proposed technique can seamlessly be incorporated into the TypeScript compiler, developers can find vulnerabilities during the development process, unlike existing analysis tools performed as a separate tool. To show the feasibility of the proposed method, we implemented a prototype and evaluated its performance with 8 web applications with known security vulnerabilities. We found that our prototype implementation could detect all known security vulnerabilities correctly.

Detection of Malicious PDF based on Document Structure Features and Stream Objects

  • Kang, Ah Reum;Jeong, Young-Seob;Kim, Se Lyeong;Kim, Jonghyun;Woo, Jiyoung;Choi, Sunoh
    • Journal of the Korea Society of Computer and Information / v.23 no.11 / pp.85-93 / 2018
  • In recent years, there has been an increasing number of ways to distribute document-based malicious code using vulnerabilities in document files. Because document-type malware is not an executable file itself, it can easily bypass existing security programs, so research on a model to detect it is necessary. In this study, we extract main features from the document structure and the JavaScript contained in the stream object. In addition, when JavaScript is inserted, keywords with high occurrence frequency in malicious code, such as function names, reserved words, and readable strings in the script, are extracted. Then, we generate a machine learning model that can distinguish between normal and malicious documents. To make the model difficult to bypass, we try to achieve good performance with a black-box type algorithm. For the experiment, a large number of documents compared to previous studies is analyzed. Experimental results show a 98.9% detection rate from three different types of algorithms. SVM, which is a black-box type algorithm and makes obfuscation difficult, shows much higher performance than in previous studies.

JavaScript-to-C++ Type Inferencing Transcompiler Using Cartesian Product Algorithm (Cartesian Product Algorithm을 사용한 JavaScript-to-C++ 타입 추론 컴파일러)

  • Kim, Jaeju;Han, Hwansoo
    • Proceedings of the Korea Information Processing Society Conference / 2015.10a / pp.910-913 / 2015
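  • JavaScript has long been used as the standard scripting language for controlling web pages. Recently, as web apps and server-side applications have come to be written in JavaScript, making JavaScript programs run faster has become an important issue. In this paper, we apply the Cartesian Product Algorithm to the JavaScript language, which uses an implicit dynamic type system, to infer types, and, based on this information, we present the structure and algorithm of a compiler that translates JavaScript into C++ code, which has a static type system.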

Design and Implementation of the Java Applet-based Courseware (Java Applet 기반 코스웨어의 설계 및 구현)

  • Kim, Kyu-Soo;Kim, Hyun-Bae
    • Journal of The Korean Association of Information Education / v.4 no.2 / pp.179-186 / 2001
  • The purpose of this study is to design and implement courseware that makes interaction between man and computer possible on the internet. For this, we select the contents of learning and design courseware with text, graphic data, HTML, JavaScript, and Java applets. Some advantages of the courseware are as follows. Interactions between man and computer are possible by giving diverse feedback to input-response on the web. It is also possible to access the courseware regardless of time and space when the network environment of the user's computer is suitably equipped. Finally, on the operator's part, revision of the courseware becomes easier, and on the client's part, fewer system resources are required.

Sanskrit Inscriptions in Northeastern Indian Scripts in Premodern Java and the Maritime Asian Networks of Mahāyāna Buddhist Tantra

  • Andrea ACRI
    • Acta Via Serica / v.9 no.1 / pp.91-138 / 2024
  • This survey explores artifacts like steles, metal or stone statues, metal foils, and coins, bearing inscriptions in the Sanskrit language and Siddhamātṛkā (or "Siddham"), Nāgarī, and Proto-Bengali/Gauḍī scripts produced in Java between the 8th and 13th century CE, contextualizing them against the background of the pan-Asian networks of Tantric Buddhism or Mahāyāna Buddhist Tantra and especially its circulation along the maritime "Silk Routes." Discussing the interrelationship between languages, scripts, religions, and politics in Java and relevant regions of the wider Buddhist world, it tries to answer questions concerning foreign or local agency and audience as well as transregional connectivity. In particular, it argues that the quick spread of varieties of Mahāyāna/Mantrayāna Buddhism from the Subcontinent to Java and East Asia during a "first wave" from the 8th to the 9th century appears to have occurred in parallel with the diffusion of Siddhamātṛkā script in those locales, whereas a "second wave" of Tantric Buddhism linking the Indo-Tibetan and East Asian Buddhist world is associated with Nāgarī and Proto-Bengali/Gauḍī script in East Java.

SDN/NFV Based Web Cache Consistency and JavaScript Transmission Acceleration Scheme to Enhance Web Performance in Mobile Network (모바일 네트워크에서 SDN/NFV 기반의 웹 성능 향상을 위한 웹 캐시 일관성 제공과 JavaScript 전송 가속화 방안)

  • Kim, Gijeong;Lee, Sungwon
    • The Journal of Korean Institute of Communications and Information Sciences / v.39B no.6 / pp.414-423 / 2014
  • The number and size of the resources constituting a web page have been increasing steadily, and this leads to rapidly falling quality of web service in mobile networks, which have relatively higher delay. Moreover, it is difficult to provide a network function that improves the quality of web service protocols because the current network architecture has a closed structure. In this paper, we suggest schemes to enhance web performance in mobile networks, namely the Check Coded DOM scheme and the Functional JavaScript Transmission scheme, and then explore how the suggested schemes can be provided as a network function using NFV (Network Function Virtualization). For the performance evaluation and analysis of the suggested schemes, we perform network simulation using the SMPL library. We confirm that the suggested schemes offer better performance in terms of page loading time, the number of messages, and the amount of traffic in the network than the HTTP protocol.