Abstract

The popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the presence of thousands of third-party libraries which allow developers to quickly build and deploy applications. These very libraries are a source of security threats as a vulnerability in one library can (and in some cases did) compromise an entire server. In order to support the secure integration of libraries, we developed NODESENTRY, the first security architecture for server-side JavaScript. Our policy enforcement infrastructure supports an easy deployment of web hardening techniques and access control policies on interactions between libraries and their environment, including any dependent library. We discuss the design and implementation of NODESENTRY and present its performance and security evaluation.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Re-designing the Web’s Access Control System
Wenliang Du ... Tongbo Luo
-
Wenliang Du, et. al.Wenliang Du ... Tongbo Luo
01 Jan 2010
Implement Security Analysis of Access Control Policy Based on Constraint by SMT
Aodi Liu ... Xiangyu Wu
-
Aodi Liu, et. al.Aodi Liu ... Xiangyu Wu
13 May 2022
Supporting access control policies across multiple operating systems
Lawrence Teo ... Gail-Joon Ahn
-
Lawrence Teo, et. al.Lawrence Teo ... Gail-Joon Ahn
18 Mar 2005
NodeSentry
Willem De Groef ... Frank Piessens
-
Willem De Groef, et. al.Willem De Groef ... Frank Piessens
08 Dec 2014
View more papers

More From: Security and Communication Networks

Paper Title
Journal
Date
Author
HMMED: A Multimodal Model with Separate Head and Payload Processing for Malicious Encrypted Traffic Detection
Peng Xiao ... Jian Hu
Security and Communication Networks | VOL. -
Peng Xiao, et. al.Peng Xiao ... Jian Hu
30 May 2024
A Robust Coverless Image Steganography Algorithm Based on Image Retrieval with SURF Features
Fan Li ... Chenyang Liu
Security and Communication Networks | VOL. 2024
Fan Li, et. al.Fan Li ... Chenyang Liu
18 May 2024
Effective and Efficient Android Malware Detection and Category Classification Using the Enhanced KronoDroid Dataset
Mudassar Waheed ... Sana Qadir
Security and Communication Networks | VOL. 2024
Mudassar Waheed, et. al.Mudassar Waheed ... Sana Qadir
08 Apr 2024
Securing the Transmission While Enhancing the Reliability of Communication Using Network Coding in Block-Wise Transfer of CoAP
Mohammed D Halloush
Security and Communication Networks | VOL. 2024
Mohammed D HalloushMohammed D Halloush
28 Mar 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.