Adding security to the JavaScript-based agent middleware SiebogJS

Abstract

© 2018 Croatian Society MIPRO. JavaScript-based agent middleware frameworks are rare and the security handling of these is uncommon, since JavaScript does not have built-in security mechanisms and due to the lack of external security libraries. This paper gives possible solutions for including security in the SiebogJS, an agent middleware developed using NodeJS and thus implemented in JavaScript. It gives the end user the ability to upload agent files and execute them on the server. However, such actions can cause security problems. In order to prevent security issues, two security mechanisms were implemented and integrated into the SiebogJS: the ESLint library for the static code analysis and the Nodesentry library for securing external libraries that are required by an agent. The ESLint library is used to detect problematic code and the Nodesentry library is used for preventing an agent to execute malicious code during the runtime. In this way, malicious code execution can be prevented within an agent, both before and during the execution. This approach represents a good starting point for implementing security standards for the SiebogJS agent middleware, and therefore it is planned to use these security measures as standard security representation in SiebogJS.