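% EuroSec 2017 workshop paper on Event Handler-Poisoning denial-of-service
% attacks against the Node.js event-driven architecture. Per its abstract it
% studies 353 publicly reported vulnerabilities and 151 npm modules, and
% proposes programming-language and runtime defences. ReDoS is listed as a keyword.
% Text outside an entry is ignored by BibTeX, so these lines act as comments.
@inproceedings{a57751e0fe7e4cb995e1a4d7f874d9e5,
  author    = {Davis, James and Kildow, Gregor and Lee, Dongyoon},
  title     = {The case of the poisoned event handler: Weaknesses in the {Node.js} event-driven architecture},
  booktitle = {Proceedings of the 10th European Workshop on Systems Security, EuroSec 2017, co-located with European Conference on Computer Systems, EuroSys 2017},
  series    = {Proceedings of the 10th European Workshop on Systems Security, EuroSec 2017, co-located with European Conference on Computer Systems, EuroSys 2017},
  publisher = {Association for Computing Machinery},
  year      = {2017},
  month     = apr,
  day       = {23},
  doi       = {10.1145/3065913.3065916},
  isbn      = {9781450349352},
  language  = {English},
  keywords  = {Denial of service, Event-driven architecture, Node.js, ReDoS},
  abstract  = {Node.js has seen rapid adoption in industry and the open-source community. Unfortunately, its event-driven architecture exposes Node.js applications to Event Handler-Poisoning denial of service attacks. Our evaluation of the state of practice in Node.js---combining a study of 353 publicly reported security vulnerabilities and a survey of 151 representative npm modules---demonstrates that the community is not equipped to combat this class of attack. We recommend several changes to the state of practice and propose both programming language and runtime approaches to defend against Event Handler-Poisoning attacks.},
  note      = {Publisher Copyright: {\textcopyright} 2017 ACM.; 10th European Workshop on Systems Security, EuroSec 2017, co-located with European Conference on Computer Systems, EuroSys 2017 ; Conference date: 23-04-2017 Through 27-04-2017},
}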