HODOR: Reducing Attack Surface on Node.js via System Call Limitation

Sdílet
Vložit
  • čas přidán 24. 03. 2024
  • ....To address the above challenges, we will present HODOR, a lightweight system call level protection mechanism designed for Node.js applications. HODOR begins with cross-language and combined static-dynamic call graph analysis for both Node.js applications and the Node.js framework. This step involves proposing optimizations to enhance state-of-the-art call graph building methods, static-dynamic call graph analysis, and consideration of built-in methods for JavaScript code, along with partial context-sensitive mechanisms for C/C++ code. HODOR then generates system call whitelists tailored to different types of threads within the Node.js framework. Finally, HODOR implements lightweight system call restrictions based on the Seccomp mechanism, specifically applied to various threads of Node.js at carefully chosen moments...
    By: Wang Gao , Dawu Gu , Xingwei Lin , Wenya Wang , Jingyi Wang
    Full Abstract and Presentation Materials:
    www.blackhat.com/eu-23/briefi...

Komentáře •

Další v pořadí
Automatické přehrávání
How to Set Up a Node.js Project24:44How to Set Up a Node.js Project
How to Set Up a Node.js ProjectThe Coding Train
zhlédnutí 59K
How to make 6 figures by buying land, building a house, and selling in under 1 year1:21:22How to make 6 figures by buying land, building a house, and selling in under 1 year
How to make 6 figures by buying land, building a house, and selling in under 1 yearJerome Maldonado
zhlédnutí 382
Black Hat Asia 2024 Highlights2:47Black Hat Asia 2024 Highlights
Black Hat Asia 2024 HighlightsBlack Hat
zhlédnutí 641
ISSEI funny story😂😂😂Strange World | Magic Lips💋00:36ISSEI funny story😂😂😂Strange World | Magic Lips💋
ISSEI funny story😂😂😂Strange World | Magic Lips💋ISSEI / いっせい
zhlédnutí 123M
TOHODLE JSTE SI NEVŠIMLI VE FILMU AUTA #zajimavosti #cars00:48TOHODLE JSTE SI NEVŠIMLI VE FILMU AUTA #zajimavosti #cars
TOHODLE JSTE SI NEVŠIMLI VE FILMU AUTA #zajimavosti #carsLůk
zhlédnutí 298K
Kiedy po ciężkim tygodniu idziesz na imprezę 😂00:20Kiedy po ciężkim tygodniu idziesz na imprezę 😂
Kiedy po ciężkim tygodniu idziesz na imprezę 😂BartoszJagielskiOfficial
zhlédnutí 6M
How Bouncing Betty’s Work 🫨00:32How Bouncing Betty’s Work 🫨
How Bouncing Betty’s Work 🫨Zack D. Films
zhlédnutí 48M
The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools35:22The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools
The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread PoolsBlack Hat
zhlédnutí 1,7K
"Embarking on the AI Adventure : A beginner's guide to ML" by Zaid Ahmad Awan - MDS Talks"Embarking on the AI Adventure : A beginner's guide to ML" by Zaid Ahmad Awan - MDS Talks
"Embarking on the AI Adventure : A beginner's guide to ML" by Zaid Ahmad Awan - MDS TalksMDS : Moroccan Data Scientists Community
zhlédnutí 8
Google IO 2024 Full Breakdown: Google is RELEVANT Again!27:35Google IO 2024 Full Breakdown: Google is RELEVANT Again!
Google IO 2024 Full Breakdown: Google is RELEVANT Again!Matthew Berman
zhlédnutí 46K
Web Cache Poisoning | CloudKeeper | Bug Bounty POC1:57Web Cache Poisoning | CloudKeeper | Bug Bounty POC
Web Cache Poisoning | CloudKeeper | Bug Bounty POCCyberSkb
zhlédnutí 2,7K
Web Cache Poisoning With Multiple Host Headers | Bug Bounty Program | Bug Bounty POC 20234:12Web Cache Poisoning With Multiple Host Headers | Bug Bounty Program | Bug Bounty POC 2023
Web Cache Poisoning With Multiple Host Headers | Bug Bounty Program | Bug Bounty POC 2023Arfi Tutorials
zhlédnutí 3,2K
Just chilling and codingJust chilling and coding
Just chilling and codingLocal
zhlédnutí 4
What is the "best way" to develop software applications?18:37What is the "best way" to develop software applications?
What is the "best way" to develop software applications?Web Dev Cody
zhlédnutí 252K
Toyota Production System and Agile Kata (Hide Oba and Joe Krebs)33:36Toyota Production System and Agile Kata (Hide Oba and Joe Krebs)
Toyota Production System and Agile Kata (Hide Oba and Joe Krebs)Agile Kata Pro
zhlédnutí 24
The Linux ToolboxThe Linux Toolbox
The Linux ToolboxTitus Tech Talk
zhlédnutí 144
Jan Bendig ft. Vanesa Horáková - TU TU TU (Official video)03:50Jan Bendig ft. Vanesa Horáková - TU TU TU (Official video)
Jan Bendig ft. Vanesa Horáková - TU TU TU (Official video)JanBendigOfficial
zhlédnutí 259K
Did you find it?! 🤔✨✍️ #funnyart00:11Did you find it?! 🤔✨✍️ #funnyart
Did you find it?! 🤔✨✍️ #funnyartArtistomg
zhlédnutí 55M
IKON ZKOUŠÍ CO JE ZA MEME ! 😂 #shorts00:16IKON ZKOUŠÍ CO JE ZA MEME ! 😂 #shorts
IKON ZKOUŠÍ CO JE ZA MEME ! 😂 #shortsIkonova Videa
zhlédnutí 42K
What is the BEST way to eat chocolate? With CHOCOLATE?😎❤️🍫| CHEFKOUDY00:10What is the BEST way to eat chocolate? With CHOCOLATE?😎❤️🍫| CHEFKOUDY
What is the BEST way to eat chocolate? With CHOCOLATE?😎❤️🍫| CHEFKOUDYchefkoudy
zhlédnutí 107M
格斗裁判暴力执法!#fighting #shorts00:15格斗裁判暴力执法!#fighting #shorts
格斗裁判暴力执法!#fighting #shorts武林之巅
zhlédnutí 29M
Normal vs Smokers !! 😱😱😱00:12Normal vs Smokers !! 😱😱😱
Normal vs Smokers !! 😱😱😱Tibo InShape
zhlédnutí 41M
[Vowel]물고기는 물에서 살아야 해🐟🤣Fish have to live in the water #funny00:53[Vowel]물고기는 물에서 살아야 해🐟🤣Fish have to live in the water #funny
[Vowel]물고기는 물에서 살아야 해🐟🤣Fish have to live in the water #funnyByungari 병아리언니
zhlédnutí 37M
BYL JSEM STANOVAT…00:56BYL JSEM STANOVAT…
BYL JSEM STANOVAT…Attack
zhlédnutí 562K