Action II — The "Meta-Life" of JavaScript

Project Code: 2606-01/00-01
Funding programme: Action 2 - Support to Postdoctoral Researchers
Funding Agency: Athens University of Economics and Business
Project type: RTD
Starting date: 2016-12-08
Ending date: 2017-12-07
Total budget: 11,250 €


Contact: Dimitris Mitropoulos
Scientific coordinator: Diomidis Spinellis

Description

JavaScript is one of the most important elements of the web. It is used by the majority of websites and is supported by all modern browsers. However, it can also be a vector for many dangerous attacks, such as cross-site scripting (XSS). The proposed research aims to examine the evolution of JavaScript code over time. Specifically, using building blocks from our previous research thrusts, we will create a framework that collects the scripts used by different websites on a daily basis. Then, we will analyze the resulting dataset to (a) observe whether whitelisting defenses can be efficiently employed by websites, (b) examine the development pace of multiple web applications, and (c) examine the evolution of potential bugs found in the JavaScript code.

Publications

Journal Articles

    • Dimitris Mitropoulos and Diomidis Spinellis. Fatal injection: a survey of modern code injection attack countermeasures. PeerJ Computer Science, 2017. To appear.

Magazine Articles

    • Dimitris Mitropoulos. How 1 million app calls can tell you a bit about malware. XRDS: Crossroads, The ACM Magazine for Students, 24(1):17–19, 2017.