Conference Paper

You Can Run But You Can’t Hide: Runtime Protection Against Malicious Package Updates For Node.js


Full-text URI

Document type

Text/Conference Paper

Additional information

Date

2024

Journal title

Journal ISSN

Volume title

Publisher

Gesellschaft für Informatik e.V.

Abstract

Malicious software packages are a common vehicle for software supply chain attacks. Detecting such packages is a top priority, and many academic and commercial approaches have been developed for this purpose. When an attack does occur, however, resilience against the malicious code itself is essential. To address this, we introduce a runtime protection for Node.js that automatically restricts each package's capabilities to the minimum it needs. We implemented the detection of required capabilities and their enforcement at runtime, and evaluated the approach against known malicious attacks. Our approach successfully prevented 90 % of historical attacks with a median install-time overhead of less than 0.6 seconds and a median runtime overhead of less than 0.2 seconds.

Description

Pohl, Timo; Ohm, Marc; Boes, Felix; Meier, Michael (2024): You Can Run But You Can’t Hide: Runtime Protection Against Malicious Package Updates For Node.js. Sicherheit 2024. DOI: 10.18420/sicherheit2024_015. Bonn: Gesellschaft für Informatik e.V. PISSN: 1617-5468. ISBN: 978-3-88579-739-5. pp. 231-241. Full Paper Session 7 – Netzwerk- und Softwaresicherheit. Worms. 9-11 April 2024

Citation format

Tags