research-article

Public Access

DATS - Data Containers for Web Applications

Authors:

Lluis Vilanova,

Charalampos Papamanthou,

Mohit TiwariAuthors Info & Claims

ASPLOS '18: Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems

Pages 722 - 736

https://doi.org/10.1145/3173162.3173213

Published: 19 March 2018 Publication History

Abstract

Data containers enable users to control access to their data while untrusted applications compute on it. However, they require replicating an application inside each container - compromising functionality, programmability, and performance. We propose DATS - a system to run web applications that retains application usability and efficiency through a mix of hardware capability enhanced containers and the introduction of two new primitives modeled after the popular model-view-controller (MVC) pattern. (1) DATS introduces a templating language to create views that compose data across data containers. (2) DATS uses authenticated storage and confinement to enable an untrusted storage service, such as memcached and deduplication, to operate on plain-text data across containers. These two primitives act as robust declassifiers that allow DATS to enforce non-interference across containers, taking large applications out of the trusted computing base (TCB). We showcase eight different web applications including Gitlab and a Slack-like chat, significantly improve the worst-case overheads due to application replication, and demonstrate usable performance for common-case usage.

References

[1]

Advanced multi layered unification filesystem (AUFS). http://aufs. sourceforge.net.

[2]

Celery. http://www.celeryproject.org.

[3]

CVE Details. http://www.cvedetails.com/vulnerability-list.

[4]

Docker. http://docker.com.

[5]

Recent zero-day exploits. https://www.fireeye.com/current-threats/ recent-zero-day-attacks.html.

[6]

Flask. http://flask.pocoo.org.

[7]

Gitlab security vulnerabilities. https://www.cvedetails.com/ vulnerability-list/vendor_id-13074/Gitlab.html.

[8]

20 famous websites vulnerable to cross site scripting (XSS) attack. http://thehackernews.com/2011/09/20-famous-websitesvulnerable- to-cross.html.

[9]

HITRUST alliance. https://hitrustalliance.net. {10} Linux Containers. http://linuxcontainers.org.

[10]

Mattermost security updates. https://about.mattermost.com/securityupdates/.

[11]

Mustache. http://mustache.github.io.

[12]

OWASP top ten project. https://www.owasp.org/index.php/OWASP_ Top_Ten_Project.

[13]

React - a JavaScript library for building user interfaces. http://facebook. github.io/react.

[14]

Redis. http://redis.io.

[15]

Comparison of web template engines. https://en.wikipedia.org/wiki/ Comparison_of_web_template_engines (accessed Aug 2017).

[16]

RFC 6455 - the websocket protocol. https://tools.ietf.org/html/rfc6455.

[17]

Wikipedia - SQL Injection. https://en.wikipedia.org/wiki/SQL_ injection#Examples.

[18]

The security flaws at the heart of the Panama Papers. http://www.wired.co.uk/article/panama-papers-mossack-fonsecawebsite- security-problems.

[19]

WSGI. http://wsgi.org.

[20]

D. Akhawe, F. Li,W. He, P. Saxena, and D. Song. Data-confined HTML5 applications. In Computer Security -- ESORICS, 2013.

[21]

S. Arnautov, B. Trach, F. Gregor, T. Knauth, A. Martin, C. Priebe, J. Lind, D. Muthukumaran, D. O'Keeffe, M. L. Stillwell, D. Goltzsche, D. Eyers, R. Kapitza, P. Pietzuch, and C. Fetzer. SCONE: Secure Linux Containers with Intel SGX. In Symp. on Operating Systems Design and Implementation (OSDI), Nov. 2016.

Digital Library

[22]

A. Askarov, D. Zhang, and A. C. Myers. Predictive black-box mitigation of timing channels. In ACM Conf. on Computer&Communications Security (CCS), Oct. 2011.

Digital Library

[23]

T. H. Austin and C. Flanagan. Multiple facets for dynamic information flow. Jan. 2012.

[24]

A. Aviram, S.-C. Weng, S. Hu, and B. Ford. Efficient system-enforced deterministic parallelism. In Symp. on Operating Systems Design and Implementation (OSDI), Oct. 2012.

Digital Library

[25]

S. Biswas, D. Franklin, A. Savage, R. Dixon, T. Sherwood, and F. T. Chong. Multi-execution: Multicore caching for data-similar executions. In Intl. Symp. on Computer Architecture (ISCA), June 2009.

Digital Library

[26]

M. Castro, M. Costa, and J.-P. Martin. Better bug reporting with better privacy. In Intl. Conf. on Arch. Support for Programming Languages&Operating Systems (ASPLOS), Mar. 2008.

Digital Library

[27]

Y.-Y. Chen, P. A. Jamkhedkar, and R. B. Lee. A software-hardware architecture for self-protecting data. In ACM Conf. on Computer&Communications Security (CCS), Oct. 2012.

Digital Library

[28]

R. Cheng, W. Scott, P. Ellenbogen, J. Howell, F. Roesner, A. Krishnamurthy, and T. Anderson. Radiatus: Strong user isolation for scalable web applications. In ACM Symp. on Cloud Computing (SoCC), Oct. 2016.

[29]

W. W.-Y. Cheng. Information Flow for Secure Distributed Applications. Ph.D., MIT, Cambridge, MA, USA, Aug. 2009. Also as Technical Report MIT-CSAIL-TR-2009-040.

[30]

M. Dalton, H. Kannan, and C. Kozyrakis. Raksha: a flexible information flow architecture for software security. In Intl. Symp. on Computer Architecture (ISCA), May 2007.

Digital Library

[31]

J. B. Dennis and E. C. V. Horn. Programming semantics for multiprogrammed computations. Comm. ACM, Mar. 1966.

Digital Library

[32]

D. Devriese and F. Piersens. Noninterference through secure multiexecution. In IEEE Symp. on Security and Privacy, May 2010.

Digital Library

[33]

C. Dwork. Differential privacy. In International Colloquium on Automata, Languages and Programming (ICALP), July 2006.

Digital Library

[34]

P. Efstathopoulos, M. Krohn, S. VanDeBogart, C. Frey, D. Ziegler, E. Kohler, D. Mazières, F. Kaashoek, and R. Morris. Labels and Event Processes in the Asbestos Operating System. Oct. 2005.

[35]

A. J. Feldman, A. Blankstein, M. J. Freedman, and E. W. Felten. Social networking with frientegrity: privacy and integrity with an untrusted provider. In USENIX Security Symposium, Aug. 2012.

Digital Library

[36]

W. Felter, A. Ferreira, R. Rajamony, and J. Rubio. An updated performance comparison of virtual machines and linux containers. Technical report, IBM Research Division, July 2014.

[37]

D. B. Giffin, A. Levy, D. Stefan, D. Terei, J. Mitchell, D. Mazières, and A. Russo. Hails: Protecting data privacy in untrusted web applications. In Symp. on Operating Systems Design and Implementation (OSDI), Oct. 2012.

Digital Library

[38]

J. A. Goguen and J. Meseguer. Security policies and security models. In IEEE Symp. on Security and Privacy, Apr. 1982.

[39]

T. Hunt, Z. Zhu, Y. Xu, S. Peter, and E. Witchel. Ryoan: A distributed sandbox for untrusted computation on secret data. In Symp. on Operating Systems Design and Implementation (OSDI), Nov. 2016.

Digital Library

[40]

Intel Software Guard Extensions Programming Reference. Intel, Oct. 2014.

[41]

G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood. seL4: Formal verification of an OS kernel. In ACM Symp. on Operating Systems Principles (SOSP), Oct. 2009.

Digital Library

[42]

M. Krohn. Information Flow Control for Secure Web Sites. PhD thesis, MIT, 2008.

Digital Library

[43]

S. Lee, E. L. Wong, D. Goel, M. Dahlin, and V. Shmatikov. - Box: A platform for privacy-preserving apps. In USENIX Symp. on Networked Systems Design and Implementation (NSDI), Apr. 2013.

Digital Library

[44]

H. M. Levy. Capability-Based Computer Systems. Digital Press, 1984.

Digital Library

[45]

N. Li, T. Li, and S. Venkatasubramanian. t-closeness: Privacy beyond k-anonymity and l-diversity. In Intl. Conf. on Data Engineering (ICDE), Apr. 2007.

[46]

J. Liu, M. D. George, K. Vikram, X. Qi, L.Waye, and A. C. Myers. Fabric: a platform for secure distributed computation and storage. In ACM Symp. on Operating Systems Principles (SOSP), Oct. 2009.

Digital Library

[47]

P. Loscocco and S. Smalley. Integrating flexible support for security policies into the linux operating system. In USENIX Annual Technical Conf. (ATC), 2001.

Digital Library

[48]

A. Machanavajjhala, D. Kifer, J. Gehrke, and M. Venkitasubramaniam. L-diversity: Privacy beyond k-anonymity. ACM Trans. Knowl. Discov. Data, Mar. 2007.

Digital Library

[49]

F. McSherry. Privacy integrated queries. In SIGMOD, June 2009.

Digital Library

[50]

P. Mohan, A. Thakurta, E. Shi, D. Song, and D. E. Culler. GUPT: Privacy preserving data analysis made easy. In SIGMOD, May 2012.

Digital Library

[51]

A. Nadkarni, B. Andow, W. Enck, and S. Jha. Practical DIFC enforcement on Android. In USENIX Security Symposium, Aug. 2016.

Digital Library

[52]

B. Parno, J. M. McCune, D. Wendlandt, D. G. Andersen, and A. Perrig. Clamp: Practical prevention of large-scale data leaks. In IEEE Symp. on Security and Privacy, May 2009.

Digital Library

[53]

B. Parno, J. M. McCune, and A. Perrig. Bootstrapping trust in commodity computers. In IEEE Symp. on Security and Privacy, May 2010.

Digital Library

[54]

V. Rastogi and S. Nath. Differentially private aggregation of distributed time-series with transformation and encryption. In SIGMOD, June 2010. DATS - Data Containers for Web Applications ASPLOS'18, March 24--28, 2018, Williamsburg, VA, USA

Digital Library

[55]

I. Roy, S. T. Setty, A. Kilzer, V. Shmatikov, and E. Witchel. Airavat: Security and privacy for mapreduce. In USENIX Symp. on Networked Systems Design and Implementation (NSDI), Apr. 2010.

Digital Library

[56]

B. Russell. KVM and Docker LXC Benchmarking with Open- Stack. http://bodenr.blogspot.com/2014/05/kvm-and-docker-lxcbenchmarking- with.html.

[57]

A. Sabelfeld, A. C., and Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, Jan. 2003.

Digital Library

[58]

M. Sherr and M. Blaze. Application containers without virtual machines. In ACM workshop on Virtual machine security, Nov. 2009.

Digital Library

[59]

S. Smalley, C. Vance, and W. Salamon. Implementing SELinux as a Linux Security Module. Technical report, NAI Labs, Dec. 2001.

[60]

D. Stefan, E. Z. Yang, P. Marchenko, A. Russo, D. Herman, B. Karp, and D. Mazières. Protecting users by confining javascript with COWL. In Symp. on Operating Systems Design and Implementation (OSDI), Oct. 2014.

Digital Library

[61]

E. Stefanov, M. van Dijk, A. Juels, and A. Oprea. Iris: a scalable cloud file system with efficient integrity checks. In Annual Computer Security Applications Conference (ACSAC), Dec. 2010.

Digital Library

[62]

L. Sweeney. k-anonimity: A model for protecting privacy. International Journal on Uncertaint, Fuzziness and Knowledge-based Systems, Oct. 2002.

Digital Library

[63]

M. Tiwari, P. Mohan, A. Osheroff, H. Alkaff, E. Shi, E. Love, D. Song, and K. Asanovi?. Context-centric security. In Proceedings of the 7th USENIX Workshop on Hot Topics in Security, Aug. 2012.

Digital Library

[64]

B. C. Vattikonda, S. Das, and H. Shacham. Eliminating fine grained timers in Xen (short paper). In Proceedings of CCSW 2011, Oct. 2011.

Digital Library

[65]

L. Vilanova, M. Ben-Yehuda, N. Navarro, Y. Etsion, and M. Valero. CODOMs: Protecting software with code-centric memory domains. In Intl. Symp. on Computer Architecture (ISCA), June 2014.

Digital Library

[66]

L. Vilanova, M. Jordà, N. Navarro, Y. Etsion, and M. Valero. Direct interprocess communication (dipc): Repurposing the codoms architecture to accelerate ipc. In European Conference on Computer Systems (EuroSys), Apr. 2017.

Digital Library

[67]

D. Volpano, G. Smith, and C. Irvine. A sound type system for secure flow analysis. Journal of Computer Security, Sept. 2009.

Digital Library

[68]

R. N. M. Watson, J. Anderson, B. Laurie, and K. Kennaway. Capsicum: practical capabilities for UNIX. In USENIX Security Symposium, Aug. 2010.

Digital Library

[69]

R. N. M.Watson, J.Woodruff, P. G. Neumann, S.W. Moore, J. Anderson, D. Chisnall, N. Dave, B. Davis, K. Gudka, B. Laurie, S. J. Murdoch, R. Norton, M. Roe, S. Son, and M. Vadera. CHERI: A hybrid capabilitysystem architecture for scalable software compartmentalization. In IEEE Symp. on Security and Privacy, May 2015.

Digital Library

[70]

Y. Xu and E. Witchel. Maxoid: Transparently confining mobile applications with custom views of state. In European Conference on Computer Systems (EuroSys), Apr. 2015.

Digital Library

[71]

Y. Xu and E. Witchel. Earp: Principled storage, sharing, and protection for mobile apps. In USENIX Symp. on Networked Systems Design and Implementation (NSDI), Mar. 2016.

Digital Library

[72]

Y. Xu, A. M. Dunn, O. S. Hofmann, M. Z. Lee, S. A. Mehdi, and E. Witchel. Application-defined decentralized access control. In USENIX Annual Technical Conf. (ATC), June 2014.

Digital Library

[73]

J. Yang, K. Yessenov, and A. Solar-Lezama. Alanguage for automatically enforcing privacy policies. Jan. 2012.

[74]

A. Yip, X. Wang, N. Zeldovich, and M. F. Kaashoek. Improving application security with data flow assertions. In ACM Symp. on Operating Systems Principles (SOSP), Oct. 2009.

Digital Library

[75]

S. Zdancewic and A. C. Myers. Robust declassification. In IEEE Computer Security Foundations Workshop, June 2001.

Digital Library

[76]

N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazières. Making Information Flow Explicit in HiStar. In Symp. on Operating Systems Design and Implementation (OSDI), Nov. 2006.

Digital Library

[77]

N. Zeldovich, H. Kannan, M. Dalton, and C. Kozyrakis. Hardware enforcement of application security policies using tagged memory. In Symp. on Operating Systems Design and Implementation (OSDI), Dec. 2008.

Digital Library

[78]

Y. Zhang, J. Katz, and C. Papamanthou. Integridb: Verifiable sql for outsourced databases. In ACM Conf. on Computer&Communications Security (CCS), Oct. 2015.

Digital Library

Cited By

Ahad AWang GKim CJana SLin ZKwon YAamodt TSwift MJerger N(2023)FreePart: Hardening Data Processing Software via Framework-based Partitioning and IsolationProceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 410.1145/3623278.3624760(169-188)Online publication date: 25-Mar-2023
https://dl.acm.org/doi/10.1145/3623278.3624760
van der Hagen MLucia BFalsafi BFerdman MLu SWenisch T(2022)Client-optimized algorithms and acceleration for encrypted compute offloadingProceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems10.1145/3503222.3507737(683-696)Online publication date: 28-Feb-2022
https://dl.acm.org/doi/10.1145/3503222.3507737
Lee GKim BSong SKim CKim JKim H(2021)Precise Correlation Extraction for IoT Fault Detection With Concurrent ActivitiesACM Transactions on Embedded Computing Systems10.1145/347702520:5s(1-21)Online publication date: 22-Sep-2021
https://dl.acm.org/doi/10.1145/3477025
Show More Cited By

Index Terms

DATS - Data Containers for Web Applications
1. Security and privacy

Recommendations

DATS - Data Containers for Web Applications
ASPLOS '18

Data containers enable users to control access to their data while untrusted applications compute on it. However, they require replicating an application inside each container - compromising functionality, programmability, and performance. We propose ...
Instant Lift Web Applications
Docker Containers (includes Content Update Program): Build and Deploy with Kubernetes, Flannel, Cockpit, and Atomic

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASPLOS '18: Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems

March 2018

827 pages

ISBN:9781450349116

DOI:10.1145/3173162

General Chairs:
Xipeng Shen
North Carolina State University, USA
,
James Tuck
North Carolina State University, USA
,
Program Chairs:
Ricardo Bianchini
Microsoft Research, USA
,
Vivek Sarkar
Georgia Institute of Technology, USA

ACM SIGPLAN Notices Volume 53, Issue 2
ASPLOS '18
February 2018
809 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/3296957
Editor:
Matthew Fluet
Rodchester Institude of Technology
Issue’s Table of Contents

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

In-Cooperation

SIGBED: ACM Special Interest Group on Embedded Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 March 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

European Union
NSF

Conference

ASPLOS '18

Sponsor:

ASPLOS '18: Architectural Support for Programming Languages and Operating Systems

March 24 - 28, 2018

VA, Williamsburg, USA

Acceptance Rates

ASPLOS '18 Paper Acceptance Rate 56 of 319 submissions, 18%;

Overall Acceptance Rate 535 of 2,713 submissions, 20%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
775
Total Downloads

Downloads (Last 12 months)172
Downloads (Last 6 weeks)24

Reflects downloads up to 01 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Ahad AWang GKim CJana SLin ZKwon YAamodt TSwift MJerger N(2023)FreePart: Hardening Data Processing Software via Framework-based Partitioning and IsolationProceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 410.1145/3623278.3624760(169-188)Online publication date: 25-Mar-2023
https://dl.acm.org/doi/10.1145/3623278.3624760
van der Hagen MLucia BFalsafi BFerdman MLu SWenisch T(2022)Client-optimized algorithms and acceleration for encrypted compute offloadingProceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems10.1145/3503222.3507737(683-696)Online publication date: 28-Feb-2022
https://dl.acm.org/doi/10.1145/3503222.3507737
Lee GKim BSong SKim CKim JKim H(2021)Precise Correlation Extraction for IoT Fault Detection With Concurrent ActivitiesACM Transactions on Embedded Computing Systems10.1145/347702520:5s(1-21)Online publication date: 22-Sep-2021
https://dl.acm.org/doi/10.1145/3477025
Lee GKim BSong SHeo SKim H(2021)ComFlex: Composable and Flexible Resource Management for the IoTIEEE Internet of Things Journal10.1109/JIOT.2020.30228738:22(16406-16417)Online publication date: 15-Nov-2021
https://doi.org/10.1109/JIOT.2020.3022873
Safari HSabri NShahsavan FBahrak B(2020)An Analysis of GitLab's Users and Projects Networks2020 10th International Symposium onTelecommunications (IST)10.1109/IST50524.2020.9345844(194-200)Online publication date: 15-Dec-2020
https://doi.org/10.1109/IST50524.2020.9345844
Zhu HGehrmann CRoth P(2023)Access Security Policy Generation for Containers as a Cloud ServiceSN Computer Science10.1007/s42979-023-02186-14:6Online publication date: 28-Sep-2023
https://doi.org/10.1007/s42979-023-02186-1
Zhu HGehrmann C(2021)Lic-Sec: An enhanced AppArmor Docker security profile generatorJournal of Information Security and Applications10.1016/j.jisa.2021.10292461(102924)Online publication date: Sep-2021
https://doi.org/10.1016/j.jisa.2021.102924
Casalicchio EIannucci S(2020)The state‐of‐the‐art in container technologies: Application, orchestration and securityConcurrency and Computation: Practice and Experience10.1002/cpe.566832:17Online publication date: 19-Jan-2020
https://doi.org/10.1002/cpe.5668

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents