Policy-weaving home

JAM static analysis and aspect weaver

JAM is Policy Weaving for JavaScript programs. This project is being built and maintained by Rich Joiner (joiner@cs.wisc.edu). The idea was concieved and prototyped by Matt Fredrikson while working with Philip Porras and Hassen Saïdi at SRI. This work is done under the advisement of Professors Tom Reps and Somesh Jha.

As of yet, the dependencies and build scripts are specific to the Ubuntu Linux platform. The system has been developed on Ubuntu 14.04 with Linux kernel 3.13.0-39-generic, though other versions of this OS will likely work (once dependencies are installed).

JAM analyzes and rewrites JavaScript files by instrumenting statements to employ transactional introspection and statement indirection to monitor the execution and enforce the policy at runtime.

JAMScript enforcement

The combination of transactional introspection and statement indirection, supported by the JAM runtime library, comprises a extension of the JavaScript language called JAMScript.

JAM test suite

JAM has been tested on an extensive set of benchmark and malicious applications collected from the Web. The source code and installation instructions for JAM and JAMScript and the test suite are available on Github via the links below.

Policy Weaving for JavaScript

UW-Madison Computer Sciences