Redirigiendo al acceso original de articulo en 23 segundos...
Inicio  /  Informatics  /  Vol: 5 Par: 4 (2018)  /  Artículo
ARTÍCULO
TITULO

Mayall: A Framework for Desktop JavaScript Auditing and Post-Exploitation Analysis

Adam Rapley    
Xavier Bellekens    
Lynsay A. Shepherd and Colin McLean    

Resumen

Writing desktop applications in JavaScript offers developers the opportunity to create cross-platform applications with cutting-edge capabilities. However, in doing so, they are potentially submitting their code to a number of unsanctioned modifications from malicious actors. Electron is one such JavaScript application framework which facilitates this multi-platform out-the-box paradigm and is based upon the Node.js JavaScript runtime?an increasingly popular server-side technology. By bringing this technology to the client-side environment, previously unrealized risks are exposed to users due to the powerful system programming interface that Node.js exposes. In a concerted effort to highlight previously unexposed risks in these rapidly expanding frameworks, this paper presents the Mayall Framework, an extensible toolkit aimed at JavaScript security auditing and post-exploitation analysis. This paper also exposes fifteen highly popular Electron applications and demonstrates that two-thirds of applications were found to be using known vulnerable elements with high CVSS (Common Vulnerability Scoring System) scores. Moreover, this paper discloses a wide-reaching and overlooked vulnerability within the Electron Framework which is a direct byproduct of shipping the runtime unaltered with each application, allowing malicious actors to modify source code and inject covert malware inside verified and signed applications without restriction. Finally, a number of injection vectors are explored and appropriate remediations are proposed.

 Artículos similares

       
 
Richard P. Signell and Dharhas Pothina    
The traditional flow of coastal ocean model data is from High-Performance Computing (HPC) centers to the local desktop, or to a file server where just the needed data can be extracted via services such as OPeNDAP. Analysis and visualization are then cond... ver más

 
Amar Nanda, Leah Beesley, Luca Locatelli, Berry Gersonius, Matthew R. Hipsey and Anas Ghadouani    
Wetlands experience considerable alteration to their hydrology, which typically contributes to a decline in their overall ecological integrity. Wetland management strategies aim to repair wetland hydrology and attenuate wetland loss that is associated wi... ver más
Revista: Water