JAM is Policy Weaving for JavaScript programs. This project is being built and maintained by Rich Joiner (joiner@cs.wisc.edu). The idea was concieved and prototyped by Matt Fredrikson while working with Philip Porras and Hassen Saïdi at SRI. This work is done under the advisement of Professors Tom Reps and Somesh Jha.
As of yet, the dependencies and build scripts are specific to the Ubuntu Linux platform. The system has been developed on Ubuntu 14.04 with Linux kernel 3.13.0-39-generic, though other versions of this OS will likely work (once dependencies are installed).
JAM analyzes and rewrites JavaScript files by instrumenting statements to employ transactional introspection and statement indirection to monitor the execution and enforce the policy at runtime.
The combination of transactional introspection and statement indirection, supported by the JAM runtime library, comprises a extension of the JavaScript language called JAMScript.
JAM has been tested on an extensive set of benchmark and malicious applications collected from the Web. The source code and installation instructions for JAM and JAMScript and the test suite are available on Github via the links below.
array( "Efficient runtime enforcement techniques for policy weaving" => "http://www.cs.wisc.edu/wpis/papers/fse14.pdf", "Efficient runtime policy enforcement using counterexample-guided abstraction refinement" => "http://www.cs.wisc.edu/wpis/papers/CAV12-JAM.pdf", ), "Source code repositories" => array( "JAM weaver" => "https://github.com/blackoutjack/jamweaver", "JAMScript enforcement" => "https://github.com/blackoutjack/jamscript", "Test suite" => "https://github.com/blackoutjack/jamtests", "Extraction Tool for Resource Analysis (ExTRA)" => "https://github.com/blackoutjack/ExTRA", "User-driven JAMScript extension" => "https://policy-weaving.cs.wisc.edu/extension", ), ); include_once "linkTemplate.php"; ?>