计算机工程与应用2019,Vol.55Issue(11):16-24,34,10.DOI:10.3778/j.issn.1002-8331.1811-0174
JavaScript引擎漏洞检测方法综述
Survey on JavaScript Engine Vulnerability Detection
摘要
Abstract
JavaScript engine vulnerabilities caused by language features is one of the important threats to the security of today’s software. Attackers often use JavaScript engine vulnerabilities to demonstrate remote code execution and gain controllability of the operating system. This paper introduces the basic information of the JavaScript engine, classifies the vulnerabilities that often appear in the engine, and summarizes the basic steps and development of static and dynamic analysis methods. Then it proposes the basic framework for detecting vulnerabilities in JavaScript engines, and discusses the detection efficiency, bottlenecks and possible solutions. At last, it points out future trends and some issues.关键词
JavaScript引擎漏洞检测/类型混淆/静态分析/模糊测试Key words
JavaScript engine vulnerability detection/type confusion/static analysis/fuzzing分类
信息技术与安全科学引用本文复制引用
林宏阳,彭建山,赵世斌,朱俊虎,许航..JavaScript引擎漏洞检测方法综述[J].计算机工程与应用,2019,55(11):16-24,34,10.基金项目
国家自然科学基金(No.61502528). (No.61502528)
