Publicatie

A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries

Tijdschriftbijdrage - Tijdschriftartikel

© 2019 Neline van Ginkel et al. The popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the presence of thousands of third-party libraries which allow developers to quickly build and deploy applications. These very libraries are a source of security threats as a vulnerability in one library can (and in some cases did) compromise an entire server. In order to support the secure integration of libraries, we developed NODESENTRY, the first security architecture for server-side JavaScript. Our policy enforcement infrastructure supports an easy deployment of web hardening techniques and access control policies on interactions between libraries and their environment, including any dependent library. We discuss the design and implementation of NODESENTRY and present its performance and security evaluation.

Tijdschrift: Security and Communication Networks

ISSN: 1939-0114

Volume: 2019

Jaar van publicatie:2019

WoS Id: 000473454700001
DOI: https://doi.org/10.1155/2019/9629034
Institutional Repository URL: https://lirias.kuleuven.be/2807063

BOF-keylabel:ja

IOF-keylabel:ja

BOF-publication weight:0.5

CSS-citation score:1

Auteurs:International

Authors from:Higher Education

Toegankelijkheid:Open

Publicatie

A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries

Tijdschriftbijdrage - Tijdschriftartikel

Auteurs/uitgever

Onderzoekseenheden

Projecten