A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries-Reference-Cited by-同舟云学术

A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries

Published:2019-05-02 Issue: Volume:2019 Page:1-21
ISSN:1939-0114
Container-title:Security and Communication Networks
language:en
Short-container-title:Security and Communication Networks

Author:

van Ginkel Neline¹^ORCID,De Groef Willem¹,Massacci Fabio²,Piessens Frank¹

Affiliation:

1. imec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Leuven, Belgium

2. Department of Information Engineering and Computer Science (DISI), University of Trento, Via Sommarive 9, 38123 Trento, Italy

Abstract

The popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the presence of thousands of third-party libraries which allow developers to quickly build and deploy applications. These very libraries are a source of security threats as a vulnerability in one library can (and in some cases did) compromise an entire server. In order to support the secure integration of libraries, we developed NODESENTRY, the first security architecture for server-side JavaScript. Our policy enforcement infrastructure supports an easy deployment of web hardening techniques and access control policies on interactions between libraries and their environment, including any dependent library. We discuss the design and implementation of NODESENTRY and present its performance and security evaluation.

Funder

EU-FP7-NESSOS project

Publisher

Hindawi Limited

Subject

Computer Networks and Communications,Information Systems

Link

http://downloads.hindawi.com/journals/scn/2019/9629034.pdf

Reference13 articles.

1. Enforceable security policies

2. Security-by-contract on the .NET platform

3. Secure multi-execution of web scripts: Theory and practice

Cited by 8 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Dependable and Non-Dependable Multi-Authentication Access Constraints to Regulate Third-Party Libraries and Plug-Ins across Platforms;Systems;2023-05-21

2. Brigadier: A Datalog-based IAST framework for Node.js Applications;2023 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER);2023-03

3. In-Situ Concolic Testing of JavaScript;2023 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER);2023-03

4. Integrating of rule based secure parameters for analyzing third-party applications and libraries in cross platform development;THE FOURTH SCIENTIFIC CONFERENCE FOR ELECTRICAL ENGINEERING TECHNIQUES RESEARCH (EETR2022);2023

5. Demystifying the vulnerability propagation and its evolution via dependency trees in the NPM ecosystem;Proceedings of the 44th International Conference on Software Engineering;2022-05-21