Verena: End-to-End Integrity Protection for Web Applications

Authors: Nikolaos Karapanos, Alexandros Filios, Raluca Ada Popa, Srdjan Capkun

DOI: 10.1109/SP.2016.58

Keywords: Web standards, Web navigation, Computer science, Web analytics, Web API, Computer security, Mashup, Web application security, Web service, Static web page, Database server, Web 2.0, Web application, Web server, Web modeling, World Wide Web, Web page, Data Web, Ajax, Data integrity, Web design, Web development

Abstract: Web applications rely on web servers to protect the integrity of sensitive information. However, an attacker gaining access to web servers can tamper with the data and query computation results, and thus serve corrupted web pages to the user. Violating the integrity of the web page can have serious consequences, affecting application functionality and decision-making processes. Worse yet, data integrity violation may affect physical safety, as in the case of medical web applications, which enable physicians to assign treatment to patients based on diagnostic information stored at the web server. This paper presents Verena, a web application platform that provides end-to-end integrity guarantees against attackers that have full access to the web and database servers. In Verena, a client's browser can verify the integrity of a web page by verifying the results of queries on data stored at the server. Verena provides strong integrity properties such as freshness, completeness, and correctness for a common set of database queries, by relying on a small trusted computing base. In a setting where there can be many users with different write permissions, Verena allows a developer to specify an integrity policy for query results based on our notion of trust contexts, and then enforces this policy efficiently. We implemented and evaluated Verena on top of the Meteor framework. Our results show that Verena can support real applications with modest overhead.
