TY - GEN
T1 - JSLibD
T2 - 2023 ACM Workshop on Secure and Trustworthy Superapps, SaTS 2023
AU - Tao, Junjie
AU - Shi, Jifei
AU - Fan, Ming
AU - Wang, Yin
AU - Liu, Junfeng
AU - Liu, Ting
N1 - Publisher Copyright:
© 2023 ACM.
PY - 2023/11/26
Y1 - 2023/11/26
AB - Miniapps have become an indispensable part of people's lives. Meanwhile, the utilization of third-party libraries greatly streamlines, expedites, and enhances the development of miniapps. However, ensuring the security of these third-party libraries presents a challenge, as they may harbor security vulnerabilities, such as plaintext transmission. In this paper, we propose JSLibD, an automated extraction method for third-party libraries in miniapps. Unlike conventional extraction methods that heavily rely on prior knowledge, JSLibD introduces a heuristic prediction approach, comprising two integral components: A whitelist matching method to match the known libraries and a heuristic prediction method to extract the unknown libraries using function call relationships. The results demonstrate that JSLibD can efficiently match known libraries, and accurately predict unknown libraries, achieving an impressive precision rate of 85.9% and a high recall rate of 97.2%.
KW - miniapp
KW - mobile security
KW - third-party library
UR - https://www.scopus.com/pages/publications/85179548218
U2 - 10.1145/3605762.3624428
DO - 10.1145/3605762.3624428
M3 - Conference contribution
AN - SCOPUS:85179548218
T3 - SaTS 2023 - Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Superapps
SP - 11
EP - 16
BT - SaTS 2023 - Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Superapps
PB - Association for Computing Machinery, Inc
Y2 - 26 November 2023
ER -