A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries

The popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the pre...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Security and communication networks Jg. 2019; H. 2019; S. 1 - 21
Hauptverfasser: Piessens, Frank, Massacci, Fabio, De Groef, Willem, van Ginkel, Neline
Format: Journal Article
Sprache:Englisch
Veröffentlicht: Cairo, Egypt Hindawi Publishing Corporation 01.01.2019
Hindawi
John Wiley & Sons, Inc
Schlagworte:
Access control
Cloud computing
Java
Libraries
Operating systems
Programming languages
Security
Servers
Software
Third party
ISSN:1939-0114, 1939-0122
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the presence of thousands of third-party libraries which allow developers to quickly build and deploy applications. These very libraries are a source of security threats as a vulnerability in one library can (and in some cases did) compromise an entire server. In order to support the secure integration of libraries, we developed NODESENTRY, the first security architecture for server-side JavaScript. Our policy enforcement infrastructure supports an easy deployment of web hardening techniques and access control policies on interactions between libraries and their environment, including any dependent library. We discuss the design and implementation of NODESENTRY and present its performance and security evaluation.
Bibliographie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:1939-0114
1939-0122
DOI:10.1155/2019/9629034