Please use this identifier to cite or link to this item: https://open.uns.ac.rs/handle/123456789/1525
Title: Adding security to the JavaScript-based agent middleware SiebogJS
Authors: Aleksić, Anđelko
Ivanović, Mirjana 
Holbl M.
Welzer T.
Vidaković, Mirna
Issue Date: 28-Jun-2018
Journal: 2018 41st International Convention on Information and Communication Technology, Electronics and Microelectronics, MIPRO 2018 - Proceedings
Abstract: © 2018 Croatian Society MIPRO. JavaScript-based agent middleware frameworks are rare and the security handling of these is uncommon, since JavaScript does not have built-in security mechanisms and due to the lack of external security libraries. This paper gives possible solutions for including security in the SiebogJS, an agent middleware developed using NodeJS and thus implemented in JavaScript. It gives the end user the ability to upload agent files and execute them on the server. However, such actions can cause security problems. In order to prevent security issues, two security mechanisms were implemented and integrated into the SiebogJS: the ESLint library for the static code analysis and the Nodesentry library for securing external libraries that are required by an agent. The ESLint library is used to detect problematic code and the Nodesentry library is used for preventing an agent to execute malicious code during the runtime. In this way, malicious code execution can be prevented within an agent, both before and during the execution. This approach represents a good starting point for implementing security standards for the SiebogJS agent middleware, and therefore it is planned to use these security measures as standard security representation in SiebogJS.
URI: https://open.uns.ac.rs/handle/123456789/1525
ISBN: 9789532330977
DOI: 10.23919/MIPRO.2018.8400088
Appears in Collections:PMF Publikacije/Publications

Show full item record

Page view(s)

31
Last Week
10
Last month
0
checked on May 10, 2024

Google ScholarTM

Check

Altmetric


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.