Institute of Computer Languages
Compilers and Languages Group
Date: | Wednesday, 12 July 2017 |
---|---|
Time: | 11:00 c.t. *) |
Location: | TU Wien, Library E185.1, Argentinierstr. 8, 4th floor (centre). |
on
While JavaScript has become the most popular programming language today, tools that can automatically alert developers to unwanted behavior or security vulnerabilities are still lacking. Such tools are either drastically limited (e.g., linter and checker tools) or fail to scale to real-world applications. This can in part be explained by the language they target. JavaScript is dynamically typed, has higher-order functions and supports reflective (string-based) access to the properties of objects. Even more difficult for static analysis is the excessive use of third-party libraries, meta-programming techniques (e.g., dynamic code generation), and event-driven frameworks. The talk starts with a brief overview of the challenges we face when applying static analysis techniques to current systems built on JavaScript, especially modern web applications. We continue by reporting on our work extending SAFE, an abstract interpretation framework for JavaScript, with (1) a light-weight taint analysis and (2) improved string abstract domains. Finally, we introduce a new domain-specific application of JavaScript static analysis that has been shown to be effective: the detection of JavaScript-based malware embedded in PDF documents.
Would you like to post a notice announcing this talk? A print-ready invitation in PDF format is available here.