A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries

A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries

The popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the pre...

Full description

Bibliographic Details
Main Authors: Neline van Ginkel, Willem De Groef, Fabio Massacci, Frank Piessens
Format: Article
Language:English
Published: Hindawi-Wiley 2019-01-01
Series:Security and Communication Networks
Online Access:http://dx.doi.org/10.1155/2019/9629034
id doaj-0382dcfe508c4f0db206bd37615c21f8
record_format Article
spelling doaj-0382dcfe508c4f0db206bd37615c21f82020-11-24T22:11:28ZengHindawi-WileySecurity and Communication Networks1939-01141939-01222019-01-01201910.1155/2019/96290349629034A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party LibrariesNeline van Ginkel0Willem De Groef1Fabio Massacci2Frank Piessens3imec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Leuven, Belgiumimec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Leuven, BelgiumDepartment of Information Engineering and Computer Science (DISI), University of Trento, Via Sommarive 9, 38123 Trento, Italyimec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Leuven, BelgiumThe popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the presence of thousands of third-party libraries which allow developers to quickly build and deploy applications. These very libraries are a source of security threats as a vulnerability in one library can (and in some cases did) compromise an entire server. In order to support the secure integration of libraries, we developed NODESENTRY, the first security architecture for server-side JavaScript. Our policy enforcement infrastructure supports an easy deployment of web hardening techniques and access control policies on interactions between libraries and their environment, including any dependent library. We discuss the design and implementation of NODESENTRY and present its performance and security evaluation.http://dx.doi.org/10.1155/2019/9629034
collection DOAJ
language English
format Article
sources DOAJ
author Neline van Ginkel
Willem De Groef
Fabio Massacci
Frank Piessens
spellingShingle Neline van Ginkel
Willem De Groef
Fabio Massacci
Frank Piessens
A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries
Security and Communication Networks
author_facet Neline van Ginkel
Willem De Groef
Fabio Massacci
Frank Piessens
author_sort Neline van Ginkel
title A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries
title_short A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries
title_full A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries
title_fullStr A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries
title_full_unstemmed A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries
title_sort server-side javascript security architecture for secure integration of third-party libraries
publisher Hindawi-Wiley
series Security and Communication Networks
issn 1939-0114
1939-0122
publishDate 2019-01-01
description The popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the presence of thousands of third-party libraries which allow developers to quickly build and deploy applications. These very libraries are a source of security threats as a vulnerability in one library can (and in some cases did) compromise an entire server. In order to support the secure integration of libraries, we developed NODESENTRY, the first security architecture for server-side JavaScript. Our policy enforcement infrastructure supports an easy deployment of web hardening techniques and access control policies on interactions between libraries and their environment, including any dependent library. We discuss the design and implementation of NODESENTRY and present its performance and security evaluation.
url http://dx.doi.org/10.1155/2019/9629034
work_keys_str_mv AT nelinevanginkel aserversidejavascriptsecurityarchitectureforsecureintegrationofthirdpartylibraries
AT willemdegroef aserversidejavascriptsecurityarchitectureforsecureintegrationofthirdpartylibraries
AT fabiomassacci aserversidejavascriptsecurityarchitectureforsecureintegrationofthirdpartylibraries
AT frankpiessens aserversidejavascriptsecurityarchitectureforsecureintegrationofthirdpartylibraries
AT nelinevanginkel serversidejavascriptsecurityarchitectureforsecureintegrationofthirdpartylibraries
AT willemdegroef serversidejavascriptsecurityarchitectureforsecureintegrationofthirdpartylibraries
AT fabiomassacci serversidejavascriptsecurityarchitectureforsecureintegrationofthirdpartylibraries
AT frankpiessens serversidejavascriptsecurityarchitectureforsecureintegrationofthirdpartylibraries
_version_ 1725805555977551872

Similar Items