📚 HODOR: Reducing Attack Surface on Node.js via System Call Limitation

Author: Black Hat - Bewertung: 13x - Views:391

....To address the above challenges, we will present HODOR, a lightweight system call level protection mechanism designed for Node.js applications. HODOR begins with cross-language and combined static-dynamic call graph analysis for both Node.js applications and the Node.js framework. This step involves proposing optimizations to enhance state-of-the-art call graph building methods, static-dynamic call graph analysis, and consideration of built-in methods for JavaScript code, along with partial context-sensitive mechanisms for C/C++ code. HODOR then generates system call whitelists tailored to different types of threads within the Node.js framework. Finally, HODOR implements lightweight system call restrictions based on the Seccomp mechanism, specifically applied to various threads of Node.js at carefully chosen moments... By: Wang Gao , Dawu Gu , Xingwei Lin , Wenya Wang , Jingyi Wang Full Abstract and Presentation Materials: https://www.blackhat.com/eu-23/briefings/schedule/#hodor-reducing-attack-surface-on-nodejs-via-system-call-limitation-35216