The popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the presence of thousands of third-party libraries which allow developers to quickly build and deploy applications. These very libraries are a source of security threats as a vulnerability in one library can (and in some cases did) compromise an entire server. In order to support the secure integration of libraries, we developed NODESENTRY, the first security architecture for server-side JavaScript. Our policy enforcement infrastructure supports an easy deployment of web hardening techniques and access control policies on interactions between libraries and their environment, including any dependent library. We discuss the design and implementation of NODESENTRY and present its performance and security evaluation.

A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries / Van Ginkel, N.; De Groef, W.; Massacci, F.; Piessens, F.. - In: SECURITY AND COMMUNICATION NETWORKS. - ISSN 1939-0114. - ELETTRONICO. - 2019:(2019), pp. 1-21. [10.1155/2019/9629034]

A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries

Massacci F.;
2019

Abstract

The popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the presence of thousands of third-party libraries which allow developers to quickly build and deploy applications. These very libraries are a source of security threats as a vulnerability in one library can (and in some cases did) compromise an entire server. In order to support the secure integration of libraries, we developed NODESENTRY, the first security architecture for server-side JavaScript. Our policy enforcement infrastructure supports an easy deployment of web hardening techniques and access control policies on interactions between libraries and their environment, including any dependent library. We discuss the design and implementation of NODESENTRY and present its performance and security evaluation.
Van Ginkel, N.; De Groef, W.; Massacci, F.; Piessens, F.
A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries / Van Ginkel, N.; De Groef, W.; Massacci, F.; Piessens, F.. - In: SECURITY AND COMMUNICATION NETWORKS. - ISSN 1939-0114. - ELETTRONICO. - 2019:(2019), pp. 1-21. [10.1155/2019/9629034]
File in questo prodotto:
File Dimensione Formato  
nodesentry-main.pdf

accesso aperto

Descrizione: Articolo principale
Tipologia: Pre-print non referato (Non-refereed preprint)
Licenza: Creative commons
Dimensione 571.34 kB
Formato Adobe PDF
571.34 kB Adobe PDF Visualizza/Apri
9629034.pdf

accesso aperto

Tipologia: Versione editoriale (Publisher’s layout)
Licenza: Creative commons
Dimensione 4.07 MB
Formato Adobe PDF
4.07 MB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11572/251138
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 6
  • ???jsp.display-item.citation.isi??? 2
social impact