A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries
The popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the pre...
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
Hindawi-Wiley
2019-01-01
|
Series: | Security and Communication Networks |
Online Access: | http://dx.doi.org/10.1155/2019/9629034 |
id |
doaj-0382dcfe508c4f0db206bd37615c21f8 |
---|---|
record_format |
Article |
spelling |
doaj-0382dcfe508c4f0db206bd37615c21f82020-11-24T22:11:28ZengHindawi-WileySecurity and Communication Networks1939-01141939-01222019-01-01201910.1155/2019/96290349629034A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party LibrariesNeline van Ginkel0Willem De Groef1Fabio Massacci2Frank Piessens3imec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Leuven, Belgiumimec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Leuven, BelgiumDepartment of Information Engineering and Computer Science (DISI), University of Trento, Via Sommarive 9, 38123 Trento, Italyimec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Leuven, BelgiumThe popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the presence of thousands of third-party libraries which allow developers to quickly build and deploy applications. These very libraries are a source of security threats as a vulnerability in one library can (and in some cases did) compromise an entire server. In order to support the secure integration of libraries, we developed NODESENTRY, the first security architecture for server-side JavaScript. Our policy enforcement infrastructure supports an easy deployment of web hardening techniques and access control policies on interactions between libraries and their environment, including any dependent library. We discuss the design and implementation of NODESENTRY and present its performance and security evaluation.http://dx.doi.org/10.1155/2019/9629034 |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Neline van Ginkel Willem De Groef Fabio Massacci Frank Piessens |
spellingShingle |
Neline van Ginkel Willem De Groef Fabio Massacci Frank Piessens A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries Security and Communication Networks |
author_facet |
Neline van Ginkel Willem De Groef Fabio Massacci Frank Piessens |
author_sort |
Neline van Ginkel |
title |
A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries |
title_short |
A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries |
title_full |
A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries |
title_fullStr |
A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries |
title_full_unstemmed |
A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries |
title_sort |
server-side javascript security architecture for secure integration of third-party libraries |
publisher |
Hindawi-Wiley |
series |
Security and Communication Networks |
issn |
1939-0114 1939-0122 |
publishDate |
2019-01-01 |
description |
The popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the presence of thousands of third-party libraries which allow developers to quickly build and deploy applications. These very libraries are a source of security threats as a vulnerability in one library can (and in some cases did) compromise an entire server. In order to support the secure integration of libraries, we developed NODESENTRY, the first security architecture for server-side JavaScript. Our policy enforcement infrastructure supports an easy deployment of web hardening techniques and access control policies on interactions between libraries and their environment, including any dependent library. We discuss the design and implementation of NODESENTRY and present its performance and security evaluation. |
url |
http://dx.doi.org/10.1155/2019/9629034 |
work_keys_str_mv |
AT nelinevanginkel aserversidejavascriptsecurityarchitectureforsecureintegrationofthirdpartylibraries AT willemdegroef aserversidejavascriptsecurityarchitectureforsecureintegrationofthirdpartylibraries AT fabiomassacci aserversidejavascriptsecurityarchitectureforsecureintegrationofthirdpartylibraries AT frankpiessens aserversidejavascriptsecurityarchitectureforsecureintegrationofthirdpartylibraries AT nelinevanginkel serversidejavascriptsecurityarchitectureforsecureintegrationofthirdpartylibraries AT willemdegroef serversidejavascriptsecurityarchitectureforsecureintegrationofthirdpartylibraries AT fabiomassacci serversidejavascriptsecurityarchitectureforsecureintegrationofthirdpartylibraries AT frankpiessens serversidejavascriptsecurityarchitectureforsecureintegrationofthirdpartylibraries |
_version_ |
1725805555977551872 |