Research article. DOI: 10.1145/3487075.3487107

Research on Fuzzing Technology for JavaScript Engines

Published: 07 December 2021

Abstract

The JavaScript engine is the core component of a web browser, and its security issues are one of the critical aspects of the security of the Web ecosystem as a whole. Fuzzing, an efficient software testing approach, has been widely applied to detecting vulnerabilities in different JavaScript engines and is currently a hotspot of security research. Based on a systematic dissection of existing fuzzing methods, this paper reviews the development and technical ideas of JavaScript engine fuzzing together with a taxonomy, proposes a general framework for JavaScript engine fuzzing, and analyzes the key techniques involved. Finally, we discuss the core issues that restrict the efficiency of current research and present an outlook on future trends in JavaScript engine fuzzing.
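The abstract describes JavaScript engine fuzzing only at a high level. The following is an added example (not code from the paper, and not the framework the paper proposes) sketching the parts such a fuzzer is built from: a seeded generator that emits syntactically and semantically valid programs by tracking which variables of which type are in scope, a mutator that edits an existing program without breaking those references, and an execution oracle that classifies each run. All names (rng, genProgram, mutate, runOnce, campaign) and the statement templates are this example's own assumptions; the templates deliberately mix a warm-up loop with a later type change, and a getter with side effects, because those are the input shapes that exercise the assumptions a JIT compiler bakes into optimised code.

```javascript
'use strict';
// Added example, not from the paper: a minimal generation-plus-mutation fuzzer
// for a JavaScript engine. All names and statement templates are assumptions.

// Deterministic PRNG (mulberry32) so any test case can be regenerated from its seed.
function rng(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

const pick = (rand, xs) => xs[Math.floor(rand() * xs.length)];
const ofType = (vars, type) => vars.filter(v => v.type === type);

// Literals per type. Each declared variable carries its type so later statements
// are generated against real preconditions, avoiding the "v3 is not defined"
// noise a purely grammar-driven generator would produce.
const LITERALS = {
  number: ['0', '1', '-1', '1.5', '2**31', '2**53', 'NaN', '-0'],
  array: ['[]', '[1, 2, 3]', '[1.1, 2.2]', '[{}, 1]', 'new Array(4)'],
  object: ['{}', '{ a: 1 }', 'Object.create(null)'],
};

// Statement templates: `pre` lists the variable types that must already be in
// scope; `gen` returns the code and, for declarations, the new binding.
const TEMPLATES = [
  { pre: [], gen(rand, st) {
      const type = pick(rand, Object.keys(LITERALS));
      const name = 'v' + st.counter++;
      return { code: `let ${name} = ${pick(rand, LITERALS[type])};`, declares: { name, type } };
  } },
  { pre: ['array', 'number'], gen(rand, st) {
      const a = pick(rand, ofType(st.vars, 'array')).name;
      const n = pick(rand, ofType(st.vars, 'number')).name;
      return { code: pick(rand, [`${a}[${n}] = ${n};`, `${a}.length = ${n};`, `${a}.push(${n});`]) };
  } },
  // Accessor with a side effect on another array: the classic shape for JIT bugs
  // where an optimised path assumes the array did not change underneath it.
  { pre: ['object', 'array', 'number'], gen(rand, st) {
      const o = pick(rand, ofType(st.vars, 'object')).name;
      const a = pick(rand, ofType(st.vars, 'array')).name;
      const n = pick(rand, ofType(st.vars, 'number')).name;
      return { code: `Object.defineProperty(${o}, 'p', { get() { ${a}.length = 0; return ${n}; }, configurable: true });` };
  } },
  // Warm-up loop so tiered compilers optimise the callee, then a type change
  // that invalidates the speculation the optimised code was built on.
  { pre: ['array', 'object'], gen(rand, st) {
      const a = pick(rand, ofType(st.vars, 'array')).name;
      const o = pick(rand, ofType(st.vars, 'object')).name;
      const f = 'f' + st.counter++;
      return { code: `function ${f}(x, y) { return x[0] + y.p; }\n` +
                     `for (let i = 0; i < 2000; i++) ${f}(${a}, ${o});\n` +
                     `${a}[0] = ${o};\n${f}(${a}, ${o});` };
  } },
];

function genStatement(rand, st) {
  const usable = TEMPLATES.filter(t => t.pre.every(ty => ofType(st.vars, ty).length > 0));
  const out = pick(rand, usable).gen(rand, st);
  if (out.declares) st.vars.push(out.declares);
  return out;
}

function genProgram(rand, nStatements) {
  const st = { vars: [], counter: 0, stmts: [] };
  for (let i = 0; i < nStatements; i++) st.stmts.push(genStatement(rand, st));
  return st;
}

// Mutation preserves every binding a surviving statement refers to: it only
// drops non-declaring statements or appends new ones generated in the current scope.
function mutate(rand, st) {
  const next = { vars: st.vars.slice(), counter: st.counter, stmts: st.stmts.slice() };
  const droppable = next.stmts.map((s, i) => (s.declares ? -1 : i)).filter(i => i >= 0);
  if (droppable.length > 0 && rand() < 0.5) next.stmts.splice(pick(rand, droppable), 1);
  else next.stmts.push(genStatement(rand, next));
  return next;
}

const render = st => st.stmts.map(s => s.code).join('\n');

// Execution oracle. In-process execution can only observe exceptions; a real
// harness runs an external engine binary under a sanitizer and treats an
// abnormal exit (not a thrown error) as the finding.
function runOnce(src) {
  let fn;
  try { fn = new Function(src); } catch (e) { return { kind: 'syntax', err: e.message }; }
  try { fn(); return { kind: 'ok' }; }
  catch (e) { return { kind: 'runtime', err: e instanceof Error ? e.name : String(e) }; }
}

function campaign(seed, iterations, nStatements = 8) {
  const rand = rng(seed);
  const stats = { ok: 0, runtime: 0, syntax: 0, invalid: [] };
  let prog = genProgram(rand, nStatements);
  for (let i = 0; i < iterations; i++) {
    const src = render(prog);
    const res = runOnce(src);
    stats[res.kind]++;
    if (res.kind === 'syntax') stats.invalid.push(src); // a generator bug; keep it to inspect
    prog = rand() < 0.5 ? genProgram(rand, nStatements) : mutate(rand, prog);
  }
  return stats;
}
```

Call `campaign(seed, n)` to run n test cases from a seed; a non-zero `syntax` count means the generator itself is broken, since every template is meant to produce parseable code. Runtime errors from generated programs (a RangeError from `a.length = NaN`, for instance) are expected behaviour of the engine, not findings. The interesting outcome, a memory-safety bug in the optimised code, cannot be caught by `try`/`catch` at all: it crashes the process, which is why production harnesses drive d8, jsc or ch as a child process built with a sanitizer and keep the seed and the rendered source of any run that exits abnormally.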


Cited By

  • (2022) Looking for Criminal Intents in JavaScript Obfuscated Code. Procedia Computer Science 207(C), 867-876. DOI: 10.1016/j.procs.2022.09.142. Online publication date: 1 Jan 2022.

Published In

CSAE '21: Proceedings of the 5th International Conference on Computer Science and Application Engineering
October 2021, 660 pages
ISBN: 9781450389853
DOI: 10.1145/3487075

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. Browser security
2. Fuzzing
3. JavaScript engine
4. Vulnerability detection

Qualifiers

• Research article
• Research
• Refereed limited

Funding Sources

• National Science and Technology Major Projects of HEGAOJI

Conference

CSAE 2021

Acceptance Rates

Overall acceptance rate: 368 of 770 submissions, 48%
