Search Icon
Register

How is Proto being Probed? The Experimental Aspects behind the Large-scale Measurement of Client-Side Prototype Pollution Vulnerabilities

Zifeng Kang (Johns Hopkins University)

In this talk, we present the experimental experience in the evaluation of ProbetheProto (NDSS’22), the first large-scale measurement study of client-side prototype pollution vulnerabilities. First, we discuss the challenges for deploying ProbetheProto on real-world websites and how we mitigate them in the deployment. We present a breakdown of real-world consequences and defenses found by ProbetheProto. Second, we describe how we compare ProbetheProto with a state-of-the-art detection tool. Specifically, we modify ObjLupAnsys, a Node.js prototype pollution detection tool, to support client-side applications. Results show that ProbetheProto significantly outperforms ObjLupAnsys in two experimental settings. Lastly, we experimentally evaluate the code coverage, the performance overhead, and the True Positive Rate (TPR) of ProbetheProto. We will also discuss our evaluation limitations.

Speaker's biography

Zifeng Kang is a third-year Ph.D. student at Johns Hopkins University. His research mainly focuses on program analysis of Web Security issues.

View More Papers

coucouArray ( [post_type] => ndss-paper [post_status] => publish [posts_per_page] => 4 [orderby] => rand [tax_query] => Array ( [0] => Array ( [taxonomy] => category [field] => id [terms] => Array ( [0] => 42 [1] => 55 ) ) ) [post__not_in] => Array ( [0] => 8406 ) )

What the Fork? Finding and Analyzing Malware in GitHub...

Alan Cao (New York University) and Brendan Dolan-Gavitt (New York University)

Read More

DRAWN APART: A Device Identification Technique based on Remote...

Tomer Laor (Ben-Gurion Univ. of the Negev), Naif Mehanna and Antonin Durey (Univ. Lille / Inria), Vitaly Dyadyuk (Ben-Gurion Univ. of the Negev), Pierre Laperdrix (CNRS, Univ. Lille, Inria Lille), Clémentine Maurice (CNRS), Yossi Oren (Ben-Gurion Univ. of the Negev), Romain Rouvoy (Univ. Lille / Inria / IUF), Walter Rudametkin (Univ. Lille / Inria), Yuval…

Read More

Evaluating Euler: Experimental Results of Network Anomaly Detection Models

Isaiah J. King (The George Washington University)

Read More

Generating 3D Adversarial Point Clouds under the Principle of...

Bo Yang (Zhejiang University), Yushi Cheng (Tsinghua University), Zizhi Jin (Zhejiang University), Xiaoyu Ji (Zhejiang University) and Wenyuan Xu (Zhejiang University)

Read More

Privacy Starts with UI: Privacy Patterns and Designer Perspectives in UI/UX Practice

Anxhela Maloku (Technical University of Munich), Alexandra Klymenko (Technical University of Munich), Stephen Meisenbacher (Technical University of Munich), Florian Matthes (Technical University of Munich)

Vision: Profiling Human Attackers: Personality and Behavioral Patterns in Deceptive Multi-Stage CTF Challenges

Khalid Alasiri (School of Computing and Augmented Intelligence Arizona State University), Rakibul Hasan (School of Computing and Augmented Intelligence Arizona State University)

From Underground to Mainstream Marketplaces: Measuring AI-Enabled NSFW Deepfakes on Fiverr

Mohamed Moustafa Dawoud (University of California, Santa Cruz), Alejandro Cuevas (Princeton University), Ram Sundara Raman (University of California, Santa Cruz)