A security architecture for server-side JavaScript: Extended abstract

Node.js is a popular JavaScript server-side framework with an efficient runtime for cloud-based eventdriven architectures. Its strength is the presence of thousands of third party libraries which allow developers to quickly build and deploy applications. These very libraries are a source of security threats as a vulnerability in one library can (and in some cases did) compromise one’s entire server. In order to support the least-privilege integration of libraries we develop NodeSentry, the first security architecture for server-side JavaScript. Our policy enforcement infrastructure supports an easy deployment of web-hardening techniques and access control policies on interactions between libraries and their environment, including any dependent library.