ABSTRACT
Recovering from attacks in an interconnected system is difficult, because an adversary that gains access to one part of the system may propagate to many others, and tracking down and recovering from such an attack requires significant manual effort. Web services are an important example of an interconnected system, as they are increasingly using protocols such as OAuth and REST APIs to integrate with one another. This paper presents Aire, an intrusion recovery system for such web services. Aire addresses several challenges, such as propagating repair across services when some servers may be unavailable, and providing appropriate consistency guarantees when not all servers have been repaired yet. Experimental results show that Aire can recover from four realistic attacks, including one modeled after a recent Facebook OAuth vulnerability; that porting existing applications to Aire requires little effort; and that Aire imposes a 19–30% CPU overhead and 6–9 KB/request storage cost for Askbot, an existing web application.