Authors: Bruno Gonçalves de Oliveira 1 ; Andre Endo 2 and Silvia Vergilio 1

Affiliations: 1 Department of Computer Science, Federal University of Paraná, Curitiba, PR, Brazil ; 2 Computing Department, Federal University of São Carlos, São Carlos, SP, Brazil

Keyword(s): Security, JavaScript, Software Vulnerability, Metrics, Mining Repositories.

Abstract: JavaScript engines are security-critical components of Web browsers. Their different features bring challenges for practitioners that intend to detect and remove vulnerabilities. As these JavaScript engines are open-source projects, security insights could be drawn by analyzing the changes performed by developers. This paper aims to characterize security-related commits of open-source JavaScript engines. We identified and analyzed commits that involve some security aspects; they were selected from the widely used engines: V8, ChakraCore, JavaScriptCore, and Hermes. We compared the security-related commits with other commits using source code metrics and assessed how security-related commits modify specific modules of JavaScript engines. Finally, we classified a subset of commits and related them to potential vulnerabilities. The results showed that only six out of 44 metrics adopted in the literature are statistically different when comparing security-related commits to the others, for all engines. We also observed which files and, consequently, which modules are more often modified by security-related commits. Certain vulnerabilities are more connected to security-related commits, such as Generic Crash, Type Confusion, Generic Leak, and Out-of-Bounds. The obtained results may help to advance vulnerability prediction and fuzzing of JavaScript engines, augmenting the security of the Internet.

CC BY-NC-ND 4.0

Paper citation in several formats:
Gonçalves de Oliveira, B.; Endo, A. and Vergilio, S. (2023). Characterizing Security-Related Commits of JavaScript Engines. In Proceedings of the 25th International Conference on Enterprise Information Systems - Volume 2: ICEIS; ISBN 978-989-758-648-4; ISSN 2184-4992, SciTePress, pages 86-97. DOI: 10.5220/0011966100003467

@conference{iceis23,
author={Bruno {Gon\c{c}alves de Oliveira} and Andre Endo and Silvia Vergilio},
title={Characterizing Security-Related Commits of JavaScript Engines},
booktitle={Proceedings of the 25th International Conference on Enterprise Information Systems - Volume 2: ICEIS},
year={2023},
pages={86-97},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011966100003467},
isbn={978-989-758-648-4},
issn={2184-4992},
}

TY - CONF

JO - Proceedings of the 25th International Conference on Enterprise Information Systems - Volume 2: ICEIS
TI - Characterizing Security-Related Commits of JavaScript Engines
SN - 978-989-758-648-4
IS - 2184-4992
AU - Gonçalves de Oliveira, B.
AU - Endo, A.
AU - Vergilio, S.
PY - 2023
SP - 86
EP - 97
DO - 10.5220/0011966100003467
PB - SciTePress