METHOD OF DETECTION AND ELIMINATION OF VULNERABILITIES IN INPUT COMPONENTS OF THE DOM MODEL USING fDOM
DOI: 10.31673/2412-4338.2023.045963
Abstract
The article presents an approach to securing web applications by detecting and eliminating vulnerabilities in the input components of the Document Object Model (DOM). Its focus is fDOM, a formal model of the DOM that automates the sanitization of attributes and elements, removing potentially dangerous content, in particular <script> elements and the cross-site scripting (XSS) payloads that rely on them.
The article examines the existing structure of the DOM, identifies its key vulnerabilities, and introduces a sanitize method to prevent the corresponding attacks. The technical contribution consists of algorithms for cleaning attributes and elements and a procedure for sanitizing input data. The model is validated by a set of tests and by lemmas establishing that no harmful content remains after the sanitization procedure.
Verification of the method in the proof assistant Isabelle/HOL is also discussed, underlining the role of formal methods in web application security. The article evaluates the strengths and weaknesses of fDOM and outlines directions for further work: extending the model, adapting it to dynamic content, and integrating it with third-party services.
Tests of fDOM confirmed that it neutralizes potentially dangerous code, indicating that the approach raises the level of security of web applications.
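The sanitization the abstract describes, as an added illustration that is neither the paper's fDOM nor its Isabelle/HOL development: a small tree model of the DOM in JavaScript, a sanitize pass that drops <script> elements and dangerous attributes, and an isClean predicate that plays the role of the paper's lemma ("no harmful content after sanitization"). The forbidden-tag and URL-attribute lists, the helper names (el, text, isDangerousAttr, sanitize, isClean, serialize, demo) and the sample tree are all assumptions of this example, not definitions from the paper.

```javascript
// Added example, not code from the paper. A minimal tree model of the DOM:
// element nodes carry a tag, an attribute map and children; text nodes carry data.
// Names, lists and the sample input below are assumptions of this example.

const FORBIDDEN_TAGS = new Set(["script", "iframe", "object", "embed"]);
const URL_ATTRS = new Set(["href", "src", "action", "formaction", "xlink:href"]);
const DANGEROUS_SCHEMES = ["javascript:", "vbscript:", "data:text/html"];
const VOID_TAGS = new Set(["img", "br", "hr", "input"]);

function el(tag, attrs = {}, children = []) {
  return { type: "element", tag, attrs, children };
}
function text(data) {
  return { type: "text", data };
}

// Decide whether a single attribute may survive sanitization.
function isDangerousAttr(name, value) {
  const n = name.toLowerCase();
  if (n.startsWith("on")) return true; // onclick, onerror, ...: inline handlers
  if (URL_ATTRS.has(n)) {
    // Browsers ignore tabs, newlines and leading control characters inside
    // the scheme, so "java\tscript:" still runs; strip them before matching.
    const v = String(value).replace(/[\u0000-\u0020]/g, "").toLowerCase();
    return DANGEROUS_SCHEMES.some((s) => v.startsWith(s));
  }
  if (n === "style") return /expression\s*\(|javascript:/i.test(String(value));
  return false;
}

// Attribute cleaning: keep only attributes that are not dangerous.
function sanitizeAttrs(attrs) {
  const out = {};
  for (const [name, value] of Object.entries(attrs)) {
    if (!isDangerousAttr(name, value)) out[name] = value;
  }
  return out;
}

// Element cleaning: returns a new tree; forbidden elements are removed together
// with their whole subtree, text nodes are copied unchanged.
function sanitize(node) {
  if (node.type === "text") return text(node.data);
  if (FORBIDDEN_TAGS.has(node.tag.toLowerCase())) return null;
  const children = node.children.map(sanitize).filter((c) => c !== null);
  return el(node.tag, sanitizeAttrs(node.attrs), children);
}

// The property a "no harmful content" lemma states: no forbidden element and
// no dangerous attribute anywhere in the tree.
function isClean(node) {
  if (node === null || node.type === "text") return true;
  if (FORBIDDEN_TAGS.has(node.tag.toLowerCase())) return false;
  for (const [name, value] of Object.entries(node.attrs)) {
    if (isDangerousAttr(name, value)) return false;
  }
  return node.children.every((c) => isClean(c));
}

// Serializer with escaping, so text nodes cannot turn back into markup.
const escText = (s) => s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
const escAttr = (s) => escText(s).replace(/"/g, "&quot;");

function serialize(node) {
  if (node === null) return "";
  if (node.type === "text") return escText(node.data);
  const attrs = Object.entries(node.attrs)
    .map(([k, v]) => ` ${k}="${escAttr(String(v))}"`)
    .join("");
  if (VOID_TAGS.has(node.tag.toLowerCase())) return `<${node.tag}${attrs}>`;
  return `<${node.tag}${attrs}>${node.children.map(serialize).join("")}</${node.tag}>`;
}

// Constructed input: the tree a parser would produce for attacker-supplied markup.
const untrusted = el("div", { class: "post" }, [
  el("a", { href: "java\tscript:alert(1)", title: "x" }, [text("click")]),
  el("img", { src: "/ok.png", onerror: "alert(document.cookie)" }),
  el("script", {}, [text("alert(1)")]),
  el("p", { style: "color:red" }, [text('1 < 2 & "quoted"')]),
]);

function demo() {
  const clean = sanitize(untrusted);
  return { before: isClean(untrusted), after: isClean(clean), html: serialize(clean) };
}

console.log(JSON.stringify(demo(), null, 2));
```

The point of isClean is that it is a predicate over the tree, not over a string: the property "no forbidden element, no dangerous attribute" can be checked for every node after sanitize has run, which is the shape of claim a proof assistant can discharge for all trees rather than for a test set. Text nodes are left alone because a text node cannot execute; the serializer escapes them so that the output cannot be reinterpreted as markup by a consumer that writes it back through innerHTML.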
Keywords: fDOM, information systems, cross-site scripting, DOM, Isabelle/HOL, information technology, web applications.