Explore HODOR, a lightweight system call level protection mechanism for Node.js applications, in this 22-minute Black Hat conference talk. Learn about cross-language and combined static-dynamic call graph analysis techniques, optimizations for call graph building methods, and the generation of system call whitelists for different Node.js thread types. Discover how HODOR implements Seccomp-based system call restrictions to enhance security in Node.js applications. Gain insights from experts Wang Gao, Dawu Gu, Xingwei Lin, Wenya Wang, and Jingyi Wang on reducing attack surfaces and improving Node.js security through innovative system call limitation approaches.
Overview
Syllabus
HODOR: Reducing Attack Surface on Node.js via System Call Limitation
Taught by
Black Hat