JSAgents

The goal of JSAgents is the development of a framework to detect, log and mitigate live attacks against internet pages and web browsers. The analysis of these attacks allows deeper insights into malicious vectors, thus enabling the design of new protection schemes. Based on the ECMA-Script-5 implementation in modern web browsers a nearly complete anomaly detection can be performed on the Document Object Model (DOM).

Browser Our work focuses on the analysis of web browser internals:

On the OS level, exploit attempts of vulnerabilities in browsers and their plugins are detected and prevented. Automated extraction of the underlying program flows permits the backtracking of the responsible vulnerabilities and provides information, which can be used as filter for typical program activity during exploitation. This analysis allows to react fast to evolving attacks and patch vulnerabilities in the browser at runtime.



Administrative Information


BMBF Grantvdevdiit Project Management

Selected Publications


Mario Hei­de­rich, Mar­cus Nie­mietz, Felix Schus­ter, Thors­ten Holz, Jörg Schwenk
19th ACM Con­fe­rence on Com­pu­ter and Com­mu­ni­ca­ti­ons Se­cu­ri­ty (CCS), Ral­eigh, NC, Oc­to­ber 2012

Cars­ten Wil­lems, Ralf Hund, Amit Va­su­de­van, An­dre­as Fo­bi­an, Den­nis Felsch, Thors­ten Holz
An­nual Com­pu­ter Se­cu­ri­ty Ap­p­li­ca­ti­ons Con­fe­rence (ACSAC), Or­lan­do, FL, De­cem­ber 2012

Cars­ten Wil­lems, Felix C. Frei­ling, Thors­ten Holz
An­nual Com­pu­ter Se­cu­ri­ty Ap­p­li­ca­ti­ons Con­fe­rence (ACSAC), Or­lan­do, FL, De­cem­ber 2012