Title :
Interception, wrapping and analysis framework for Win32 scripts
Author :
Hollebeek, Tim ; Berrier, Dur
Abstract :
JScript and VBScript were designed in an environment where scripts were confined inside Web browsers, and where those Web browsers rarely contained sensitive information or performed security-critical operations. Unfortunately, both languages are now widely used in very different environments where the fact that security was an afterthought in their design has become a grave problem for the enterprises and individuals that use them. We have designed and implemented a retrofitted security framework for the Windows ActiveScripting API, which integrates JScript and VBScript into the Windows operating system. By exploiting common characteristics of modern mobile component frameworks, our security system provides object- and method-level access control and logging
Keywords :
application program interfaces; authoring languages; authorisation; distributed programming; online front-ends; operating systems (computers); subroutines; JScript; Microsoft Windows operating system; VBScript; Web browsers; Win32 scripts; Windows ActiveScripting API; access logging; analysis framework; interception; method-level access control; mobile component frameworks; object-level access control; retrofitted security framework; security-critical operations; sensitive information; wrapping; Access control; Application software; Computer viruses; Data security; Information security; Internet; Java; Operating systems; Web pages; Wrapping;
Conference_Titel :
DARPA Information Survivability Conference & Exposition II, 2001. DISCEX '01. Proceedings
Conference_Location :
Anaheim, CA
Print_ISBN :
0-7695-1212-7
DOI :
10.1109/DISCEX.2001.932174
