TY - GEN
T1 - Scalable integrity-guaranteed AJAX
AU - Moyer, Thomas
AU - Jaeger, Trent
AU - McDaniel, Patrick
N1 - Copyright:
Copyright 2012 Elsevier B.V., All rights reserved.
PY - 2012
Y1 - 2012
N2 - Interactive web systems are the de facto vehicle for implementing sensitive applications, e.g., personal banking, business workflows. Existing web services provide little protection against compromised servers, leaving users to blindly trust that the system is functioning correctly, without being able to verify this trust. Document integrity systems support stronger guarantees by binding a document to the (non-compromised) integrity state of the machine from whence it was received, at the cost of substantially higher latencies. Such latencies render interactive applications unusable. This paper explores cryptographic constructions and systems designs for providing document integrity in AJAX-style interactive web systems. The Sporf systems exploits pre-computation to offset runtime costs to support negligible latencies. We detail the design of an Apache-based server supporting content integrity proofs, and perform a detailed empirical study of realistic web workloads. Our evaluation shows that a software-only solution results in latencies of just over 200 milliseconds on a loaded system. An analytical model reveals that with a nominal hardware investment, the latency can be lowered to just over 81 milliseconds, achieving nearly the same throughput as an unmodified system.
AB - Interactive web systems are the de facto vehicle for implementing sensitive applications, e.g., personal banking, business workflows. Existing web services provide little protection against compromised servers, leaving users to blindly trust that the system is functioning correctly, without being able to verify this trust. Document integrity systems support stronger guarantees by binding a document to the (non-compromised) integrity state of the machine from whence it was received, at the cost of substantially higher latencies. Such latencies render interactive applications unusable. This paper explores cryptographic constructions and systems designs for providing document integrity in AJAX-style interactive web systems. The Sporf systems exploits pre-computation to offset runtime costs to support negligible latencies. We detail the design of an Apache-based server supporting content integrity proofs, and perform a detailed empirical study of realistic web workloads. Our evaluation shows that a software-only solution results in latencies of just over 200 milliseconds on a loaded system. An analytical model reveals that with a nominal hardware investment, the latency can be lowered to just over 81 milliseconds, achieving nearly the same throughput as an unmodified system.
UR - http://www.scopus.com/inward/record.url?scp=84859734387&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84859734387&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-29253-8_1
DO - 10.1007/978-3-642-29253-8_1
M3 - Conference contribution
AN - SCOPUS:84859734387
SN - 9783642292521
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 1
EP - 19
BT - Web Technologies and Applications - 14th Asia-Pacific Web Conference, APWeb 2012, Proceedings
T2 - 14th Asia Pacific Web Technology Conference, APWeb 2012
Y2 - 11 April 2012 through 13 April 2012
ER -