A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries

The popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the pre...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Security and communication networks Ročník 2019; číslo 2019; s. 1 - 21
Hlavní autoři: Piessens, Frank, Massacci, Fabio, De Groef, Willem, van Ginkel, Neline
Médium: Journal Article
Jazyk:angličtina
Vydáno: Cairo, Egypt Hindawi Publishing Corporation 01.01.2019
Hindawi
John Wiley & Sons, Inc
Témata:
Access control
Cloud computing
Java
Libraries
Operating systems
Programming languages
Security
Servers
Software
Third party
ISSN:1939-0114, 1939-0122
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:The popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the presence of thousands of third-party libraries which allow developers to quickly build and deploy applications. These very libraries are a source of security threats as a vulnerability in one library can (and in some cases did) compromise an entire server. In order to support the secure integration of libraries, we developed NODESENTRY, the first security architecture for server-side JavaScript. Our policy enforcement infrastructure supports an easy deployment of web hardening techniques and access control policies on interactions between libraries and their environment, including any dependent library. We discuss the design and implementation of NODESENTRY and present its performance and security evaluation.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:1939-0114
1939-0122
DOI:10.1155/2019/9629034