TL;DR
This paper introduces a lightweight permission system for npm packages that enforces least-privilege access at runtime, significantly reducing the risk of malicious package updates exploiting over-privileged packages.
Contribution
The paper proposes a novel, lightweight permission system for npm that enforces runtime access controls based on package behavior, enhancing security with minimal overhead.
Findings
Many npm packages perform simple tasks and do not require extensive permissions.
The permission system effectively restricts package capabilities, making exploitation more difficult.
Implementation shows the system can be integrated with minimal performance impact.
Abstract
The large amount of third-party packages available in fast-moving software ecosystems, such as Node.js/npm, enables attackers to compromise applications by pushing malicious updates to their package dependencies. Studying the npm repository, we observed that many packages in the npm repository that are used in Node.js applications perform only simple computations and do not need access to filesystem or network APIs. This offers the opportunity to enforce least-privilege design per package, protecting applications and package dependencies from malicious updates. We propose a lightweight permission system that protects Node.js applications by enforcing package permissions at runtime. We discuss the design space of solutions and show that our system makes a large number of packages much harder to be exploited, almost for free.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
