Real-world Challenges in JavaScript Analysis
While JavaScript has become the most popular programming language today, tools that can automatically alert developers are still lacking.
TU Wien, Campus Argentinierstraße
Library E185/1
1040 Vienna, Argentinierstraße 8
4th floor
Abstract
While JavaScript has become the most popular programming language today, tools that can automatically alert developers to unwanted behavior or security vulnerabilities are still lacking. Such tools are either drastically limited (e.g., linter and checker tools) or fail to scale to real-world applications. This can in part be explained by the language they target. JavaScript is dynamically typed, has higher-order functions and supports reflective (string-based) access to the properties of objects. Even more difficult for static analysis is the excessive use of third-party libraries, meta-programming techniques (e.g., dynamic code generation), and event-driven frameworks. The talk starts with a brief overview of the challenges we face when applying static analysis techniques to current systems built on JavaScript, especially modern web applications. We continue by reporting on our work extending SAFE, an abstract interpretation framework for JavaScript, with (1) a light-weight taint analysis and (2) improved string abstract domains. Finally, we introduce a new domain-specific application of JavaScript static analysis that has been shown to be effective: the detection of JavaScript-based malware embedded in PDF documents.
Biography
Alexander Jordan is a senior researcher at Oracle Labs Australia, where he has been working on program analysis techniques for Java- and JavaScript-based web applications. Before joining Oracle Labs in 2015, Alexander obtained his MSc and PhD degrees from TU Wien and has worked as a research assistant, with a focus on WCET analysis, at DTU (Denmark) and ENSTA ParisTech (France). His interests include program analysis, compilers and computer security.
Note
This talk is organized by the Compilers and Languages Group at the Institute of Computer Languages. Tea at the library of E185/1, Argentinierstr. 8, 4th floor (central) at 13:30.
Speakers
- Dr. Alexander Jordan, Oracle Labs, Brisbane, Australia