DATS - Data Containers for Web Applications

Published: 19 March 2018

Abstract

Data containers enable users to control access to their data while untrusted applications compute on it. However, they require replicating an application inside each container, compromising functionality, programmability, and performance. We propose DATS, a system for running web applications that retains application usability and efficiency through a mix of hardware-capability-enhanced containers and two new primitives modeled after the popular model-view-controller (MVC) pattern. (1) DATS introduces a templating language for creating views that compose data across data containers. (2) DATS uses authenticated storage and confinement to let untrusted storage services, such as memcached and deduplication, operate on plain-text data across containers. These two primitives act as robust declassifiers that allow DATS to enforce non-interference across containers, taking large applications out of the trusted computing base (TCB). We showcase eight different web applications, including Gitlab and a Slack-like chat, significantly improve the worst-case overheads due to application replication, and demonstrate usable performance for common-case usage.
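The second primitive is the one most worth seeing in code: an untrusted storage service keeps plain text for several data containers (so it can deduplicate across them), and a small trusted shim authenticates every record so the service can neither alter a value nor hand one container's record to another. The block below is an added illustration of that idea, not DATS's code; the dictionary-backed store, its API, the per-container key derivation from a root secret, the HMAC-SHA256 record tagging, and the sample values are all assumptions made for this example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple


class IntegrityError(Exception):
    """The store returned a record that does not authenticate for this container/key."""


class UntrustedStore:
    """Stand-in for an untrusted plain-text storage service (think memcached
    with deduplication).  It sees every value in the clear, so it would have to
    be confined (no channel out); it may also misbehave, which the shim below
    must detect.  Constructed for this example, not a real service."""

    def __init__(self) -> None:
        self._slots = {}   # slot name -> (content hash, tag)
        self._blobs = {}   # content hash -> value bytes, deduplicated across ALL slots

    def put(self, slot: str, value: bytes, tag: bytes) -> None:
        h = hashlib.sha256(value).digest()
        self._blobs.setdefault(h, value)     # identical plaintext is stored once
        self._slots[slot] = (h, tag)

    def get(self, slot: str) -> Optional[Tuple[bytes, bytes]]:
        entry = self._slots.get(slot)
        if entry is None:
            return None
        h, tag = entry
        return self._blobs[h], tag

    def blob_count(self) -> int:
        return len(self._blobs)

    # Two things a compromised store might try; exercised by demo() below.
    def swap(self, victim_slot: str, other_slot: str) -> None:
        """Serve another slot's record (value and tag) under the victim's name."""
        self._slots[victim_slot] = self._slots[other_slot]

    def corrupt(self, slot: str, value: bytes) -> None:
        """Change the plaintext behind a slot but keep the original tag."""
        h = hashlib.sha256(value).digest()
        self._blobs.setdefault(h, value)
        self._slots[slot] = (h, self._slots[slot][1])


class AuthenticatedStorage:
    """Trusted shim, one per data container.  Each value is authenticated together
    with the container label and key name, so a value the store altered, or copied
    from another container or key, fails verification on read.  Key derivation and
    record layout are assumptions for this illustration."""

    def __init__(self, container: str, store: UntrustedStore, root_key: bytes) -> None:
        self.container = container
        self.store = store
        # Per-container MAC key derived from a root secret the store never sees.
        self.mac_key = hmac.new(root_key, container.encode(), hashlib.sha256).digest()

    def _slot(self, name: str) -> str:
        return f"{self.container}/{name}"

    def _tag(self, name: str, value: bytes) -> bytes:
        # Length-prefix each field so (label, name, value) cannot be re-split.
        m = hmac.new(self.mac_key, digestmod=hashlib.sha256)
        for part in (self.container.encode(), name.encode(), value):
            m.update(len(part).to_bytes(4, "big"))
            m.update(part)
        return m.digest()

    def put(self, name: str, value: bytes) -> None:
        self.store.put(self._slot(name), value, self._tag(name, value))

    def get(self, name: str) -> Optional[bytes]:
        rec = self.store.get(self._slot(name))
        if rec is None:
            return None
        value, tag = rec
        if not hmac.compare_digest(tag, self._tag(name, value)):
            raise IntegrityError(f"{self._slot(name)}: record does not authenticate")
        return value


def demo(root_key: bytes = b"\x00" * 32) -> dict:
    """Two containers share one store; returns what each check observed."""
    store = UntrustedStore()
    alice = AuthenticatedStorage("alice", store, root_key)
    bob = AuthenticatedStorage("bob", store, root_key)
    avatar = b"\x89PNG constructed sample bytes"   # constructed sample value

    alice.put("avatar", avatar)
    bob.put("avatar", avatar)        # same plaintext in two containers: one blob kept
    alice.put("token", b"alice-secret")
    bob.put("token", b"bob-secret")
    result = {"blobs_after_dedup": store.blob_count(),   # 3 blobs for 4 slots
              "alice_reads_own": alice.get("token") == b"alice-secret"}

    store.swap("alice/token", "bob/token")    # store tries to mix containers
    try:
        alice.get("token")
        result["swap_rejected"] = False
    except IntegrityError:
        result["swap_rejected"] = True

    store.corrupt("bob/token", b"tampered")   # store tries to alter a value
    try:
        bob.get("token")
        result["corrupt_rejected"] = False
    except IntegrityError:
        result["corrupt_rejected"] = True
    return result


if __name__ == "__main__":
    print(demo(os.urandom(32)))
```

Two caveats a practitioner should keep in mind. First, authentication gives integrity only: the store reads everything in plain text, so preventing leaks is entirely the job of the confinement mechanism around the storage service, which this shim cannot provide. Second, a tag over (label, key, value) does not detect rollback; a store that returns an older, validly tagged value for the same key passes verification, so freshness needs a version counter or similar state on the trusted side.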



Published in

ACM SIGPLAN Notices, Volume 53, Issue 2 (ASPLOS '18), February 2018, 809 pages. ISSN: 0362-1340, EISSN: 1558-1160, DOI: 10.1145/3296957.

ASPLOS '18: Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems, March 2018, 827 pages. ISBN: 9781450349116, DOI: 10.1145/3173162.

Copyright © 2018 ACM


Publisher: Association for Computing Machinery, New York, NY, United States
