Abstract
© 2019 Neline van Ginkel et al.The popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the presence of thousands of third-party libraries which allow developers to quickly build and deploy applications. These very libraries are a source of security threats as a vulnerability in one library can (and in some cases did) compromise an entire server. In order to support the secure integration of libraries, we developed NODESENTRY, the first security architecture for server-side JavaScript. Our policy enforcement infrastructure supports an easy deployment of web hardening techniques and access control policies on interactions between libraries and their environment, including any dependent library. We discuss the design and implementation of NODESENTRY and present its performance and security evaluation.
| Original language | English |
|---|---|
| Article number | 9629034 |
| Journal | Security and Communication Networks |
| Volume | 2019 |
| DOIs | |
| Publication status | Published - 2019 |
| Externally published | Yes |
Funding
This work has been partly supported by the EU-FP7-NESSOS project and by the FWO-SBO Tearless project.
| Funders | Funder number |
|---|---|
| FWO-SBO | |
| Seventh Framework Programme | 256980 |
| Fonds Wetenschappelijk Onderzoek |