Scalable integrity-guaranteed AJAX

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Interactive web systems are the de facto vehicle for implementing sensitive applications, e.g., personal banking, business workflows. Existing web services provide little protection against compromised servers, leaving users to blindly trust that the system is functioning correctly, without being able to verify this trust. Document integrity systems support stronger guarantees by binding a document to the (non-compromised) integrity state of the machine from whence it was received, at the cost of substantially higher latencies. Such latencies render interactive applications unusable. This paper explores cryptographic constructions and systems designs for providing document integrity in AJAX-style interactive web systems. The Sporf system exploits pre-computation to offset runtime costs to support negligible latencies. We detail the design of an Apache-based server supporting content integrity proofs, and perform a detailed empirical study of realistic web workloads. Our evaluation shows that a software-only solution results in latencies of just over 200 milliseconds on a loaded system. An analytical model reveals that with a nominal hardware investment, the latency can be lowered to just over 81 milliseconds, achieving nearly the same throughput as an unmodified system.

Original language: English (US)
Title of host publication: Web Technologies and Applications - 14th Asia-Pacific Web Conference, APWeb 2012, Proceedings
Pages: 1-19
Number of pages: 19
Publication status: Published - Apr 18 2012
Event: 14th Asia Pacific Web Technology Conference, APWeb 2012 - Kunming, China
Duration: Apr 11 2012 to Apr 13 2012

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 7235 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 14th Asia Pacific Web Technology Conference, APWeb 2012
Country: China
City: Kunming
Period: 4/11/12 to 4/13/12

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Moyer, T., Jaeger, T., & McDaniel, P. (2012). Scalable integrity-guaranteed AJAX. In Web Technologies and Applications - 14th Asia-Pacific Web Conference, APWeb 2012, Proceedings (pp. 1-19). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7235 LNCS). https://doi.org/10.1007/978-3-642-29253-8_1