A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries.

Bibliographic details
Title: A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries.
Authors: van Ginkel, Neline, De Groef, Willem, Piessens, Frank, Massacci, Fabio
Source: Security & Communication Networks; 5/2/2019, p1-21, 21p
Subjects: JAVASCRIPT programming language, CLOUD computing, LIBRARIES, COMPUTER network security, CLIENT/SERVER computing
Abstract: The popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the presence of thousands of third-party libraries which allow developers to quickly build and deploy applications. These very libraries are a source of security threats as a vulnerability in one library can (and in some cases did) compromise an entire server. In order to support the secure integration of libraries, we developed NODESENTRY, the first security architecture for server-side JavaScript. Our policy enforcement infrastructure supports an easy deployment of web hardening techniques and access control policies on interactions between libraries and their environment, including any dependent library. We discuss the design and implementation of NODESENTRY and present its performance and security evaluation. [ABSTRACT FROM AUTHOR]
Copyright of Security & Communication Networks is the property of Wiley-Blackwell and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Complementary Index
ISSN: 19390114
DOI: 10.1155/2019/9629034