Scalable integrity-guaranteed AJAX

Thomas Moyer; Trent Jaeger; Patrick McDaniel

doi:10.1007/978-3-642-29253-8_1

Scalable integrity-guaranteed AJAX

Thomas Moyer, Trent Jaeger, Patrick McDaniel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Interactive web systems are the de facto vehicle for implementing sensitive applications, e.g., personal banking, business workflows. Existing web services provide little protection against compromised servers, leaving users to blindly trust that the system is functioning correctly, without being able to verify this trust. Document integrity systems support stronger guarantees by binding a document to the (non-compromised) integrity state of the machine from whence it was received, at the cost of substantially higher latencies. Such latencies render interactive applications unusable. This paper explores cryptographic constructions and systems designs for providing document integrity in AJAX-style interactive web systems. The Sporf systems exploits pre-computation to offset runtime costs to support negligible latencies. We detail the design of an Apache-based server supporting content integrity proofs, and perform a detailed empirical study of realistic web workloads. Our evaluation shows that a software-only solution results in latencies of just over 200 milliseconds on a loaded system. An analytical model reveals that with a nominal hardware investment, the latency can be lowered to just over 81 milliseconds, achieving nearly the same throughput as an unmodified system.

Original language	English (US)
Title of host publication	Web Technologies and Applications - 14th Asia-Pacific Web Conference, APWeb 2012, Proceedings
Pages	1-19
Number of pages	19
DOIs	https://doi.org/10.1007/978-3-642-29253-8_1
Publication status	Published - Apr 18 2012
Event	14th Asia Pacific Web Technology Conference, APWeb 2012 - Kunming, China Duration: Apr 11 2012 → Apr 13 2012

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7235 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	14th Asia Pacific Web Technology Conference, APWeb 2012
Country	China
City	Kunming
Period	4/11/12 → 4/13/12

Fingerprint

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Cite this

Moyer, T., Jaeger, T., & McDaniel, P. (2012). Scalable integrity-guaranteed AJAX. In Web Technologies and Applications - 14th Asia-Pacific Web Conference, APWeb 2012, Proceedings (pp. 1-19). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7235 LNCS). https://doi.org/10.1007/978-3-642-29253-8_1

@inproceedings{333299c5bd3a42ddbf1eb2b1ea7807ba,

title = "Scalable integrity-guaranteed AJAX",

abstract = "Interactive web systems are the de facto vehicle for implementing sensitive applications, e.g., personal banking, business workflows. Existing web services provide little protection against compromised servers, leaving users to blindly trust that the system is functioning correctly, without being able to verify this trust. Document integrity systems support stronger guarantees by binding a document to the (non-compromised) integrity state of the machine from whence it was received, at the cost of substantially higher latencies. Such latencies render interactive applications unusable. This paper explores cryptographic constructions and systems designs for providing document integrity in AJAX-style interactive web systems. The Sporf systems exploits pre-computation to offset runtime costs to support negligible latencies. We detail the design of an Apache-based server supporting content integrity proofs, and perform a detailed empirical study of realistic web workloads. Our evaluation shows that a software-only solution results in latencies of just over 200 milliseconds on a loaded system. An analytical model reveals that with a nominal hardware investment, the latency can be lowered to just over 81 milliseconds, achieving nearly the same throughput as an unmodified system.",

author = "Thomas Moyer and Trent Jaeger and Patrick McDaniel",

year = "2012",

month = "4",

day = "18",

doi = "10.1007/978-3-642-29253-8_1",

language = "English (US)",

isbn = "9783642292521",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "1--19",

booktitle = "Web Technologies and Applications - 14th Asia-Pacific Web Conference, APWeb 2012, Proceedings",

note = "14th Asia Pacific Web Technology Conference, APWeb 2012 ; Conference date: 11-04-2012 Through 13-04-2012",

}

Moyer, T, Jaeger, T & McDaniel, P 2012, Scalable integrity-guaranteed AJAX. in Web Technologies and Applications - 14th Asia-Pacific Web Conference, APWeb 2012, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7235 LNCS, pp. 1-19, 14th Asia Pacific Web Technology Conference, APWeb 2012, Kunming, China, 4/11/12. https://doi.org/10.1007/978-3-642-29253-8_1

Scalable integrity-guaranteed AJAX. / Moyer, Thomas; Jaeger, Trent ; McDaniel, Patrick.

Web Technologies and Applications - 14th Asia-Pacific Web Conference, APWeb 2012, Proceedings. 2012. p. 1-19 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7235 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Scalable integrity-guaranteed AJAX

AU - Moyer, Thomas

AU - Jaeger, Trent

AU - McDaniel, Patrick

PY - 2012/4/18

Y1 - 2012/4/18

N2 - Interactive web systems are the de facto vehicle for implementing sensitive applications, e.g., personal banking, business workflows. Existing web services provide little protection against compromised servers, leaving users to blindly trust that the system is functioning correctly, without being able to verify this trust. Document integrity systems support stronger guarantees by binding a document to the (non-compromised) integrity state of the machine from whence it was received, at the cost of substantially higher latencies. Such latencies render interactive applications unusable. This paper explores cryptographic constructions and systems designs for providing document integrity in AJAX-style interactive web systems. The Sporf systems exploits pre-computation to offset runtime costs to support negligible latencies. We detail the design of an Apache-based server supporting content integrity proofs, and perform a detailed empirical study of realistic web workloads. Our evaluation shows that a software-only solution results in latencies of just over 200 milliseconds on a loaded system. An analytical model reveals that with a nominal hardware investment, the latency can be lowered to just over 81 milliseconds, achieving nearly the same throughput as an unmodified system.

AB - Interactive web systems are the de facto vehicle for implementing sensitive applications, e.g., personal banking, business workflows. Existing web services provide little protection against compromised servers, leaving users to blindly trust that the system is functioning correctly, without being able to verify this trust. Document integrity systems support stronger guarantees by binding a document to the (non-compromised) integrity state of the machine from whence it was received, at the cost of substantially higher latencies. Such latencies render interactive applications unusable. This paper explores cryptographic constructions and systems designs for providing document integrity in AJAX-style interactive web systems. The Sporf systems exploits pre-computation to offset runtime costs to support negligible latencies. We detail the design of an Apache-based server supporting content integrity proofs, and perform a detailed empirical study of realistic web workloads. Our evaluation shows that a software-only solution results in latencies of just over 200 milliseconds on a loaded system. An analytical model reveals that with a nominal hardware investment, the latency can be lowered to just over 81 milliseconds, achieving nearly the same throughput as an unmodified system.

UR - http://www.scopus.com/inward/record.url?scp=84859734387&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84859734387&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-29253-8_1

DO - 10.1007/978-3-642-29253-8_1

M3 - Conference contribution

AN - SCOPUS:84859734387

SN - 9783642292521

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 1

EP - 19

BT - Web Technologies and Applications - 14th Asia-Pacific Web Conference, APWeb 2012, Proceedings

T2 - 14th Asia Pacific Web Technology Conference, APWeb 2012

Y2 - 11 April 2012 through 13 April 2012

ER -

Access to Document

10.1007/978-3-642-29253-8_1