A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries
The popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the pre...
| Published in: | Security and communication networks Vol. 2019; no. 2019; pp. 1 - 21 |
|---|---|
| Main Authors: | Piessens, Frank; De Groef, Willem; Massacci, Fabio; van Ginkel, Neline |
| Format: | Journal Article |
| Language: | English |
| Published: | Cairo, Egypt; Hindawi Publishing Corporation; 01.01.2019; Hindawi; John Wiley & Sons, Inc |
| Subjects: | |
| ISSN: | 1939-0114, 1939-0122 |
| Abstract | The popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the presence of thousands of third-party libraries which allow developers to quickly build and deploy applications. These very libraries are a source of security threats as a vulnerability in one library can (and in some cases did) compromise an entire server. In order to support the secure integration of libraries, we developed NODESENTRY, the first security architecture for server-side JavaScript. Our policy enforcement infrastructure supports an easy deployment of web hardening techniques and access control policies on interactions between libraries and their environment, including any dependent library. We discuss the design and implementation of NODESENTRY and present its performance and security evaluation. |
|---|---|
| Author | Piessens, Frank; De Groef, Willem; Massacci, Fabio; van Ginkel, Neline |
| ContentType | Journal Article |
| Copyright | Copyright © 2019 Neline van Ginkel et al. This is an open access article distributed under the Creative Commons Attribution License (the “License”), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. https://creativecommons.org/licenses/by/4.0 |
| DOI | 10.1155/2019/9629034 |
| Discipline | Engineering |
| EISSN | 1939-0122 |
| Editor | Tolomei, Gabriele |
| EndPage | 21 |
| GrantInformation_xml | fundername: FWO-SBO Tearless project; fundername: EU-FP7-NESSOS project |
| ISICitedReferencesCount | 6 |
| ISSN | 1939-0114 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 2019 |
| Language | English |
| License | This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. http://creativecommons.org/licenses/by/4.0 |
| ORCID | 0000-0003-1579-9081 |
| OpenAccessLink | https://dx.doi.org/10.1155/2019/9629034 |
| PageCount | 21 |
| PublicationCentury | 2000 |
| PublicationDate | 2019-01-01 |
| PublicationDateYYYYMMDD | 2019-01-01 |
| PublicationDate_xml | – month: 01 year: 2019 text: 2019-01-01 day: 01 |
| PublicationDecade | 2010 |
| PublicationPlace | Cairo, Egypt |
| PublicationPlace_xml | – name: Cairo, Egypt – name: London |
| PublicationTitle | Security and communication networks |
| PublicationYear | 2019 |
| Publisher | Hindawi Publishing Corporation; Hindawi; John Wiley & Sons, Inc |
| Publisher_xml | – name: Hindawi Publishing Corporation – name: Hindawi – name: John Wiley & Sons, Inc |
| StartPage | 1 |
| SubjectTerms | Access control; Cloud computing; Java; Libraries; Operating systems; Programming languages; Security; Servers; Software; Third party |
| Title | A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries |
| URI | https://search.emarefa.net/detail/BIM-1210655 https://dx.doi.org/10.1155/2019/9629034 https://www.proquest.com/docview/2455788412 |
| Volume | 2019 |