Radiatus : Strong User Isolation for Scalable Web Applications

Web applications are a frequent target of successful attacks. The damage is amplified by the fact that application code is responsible for security enforcement in most web frameworks. In this paper we design and implement Radiatus, a web framework where all application-specific computation running on the server is executed within a sandbox with the privileges of the end-user. By strongly isolating users we protect user data and service availability from application vulnerabilities. To make Radiatus practical on modern web applications, we introduce a distributed capabilities system to protect data at scale across the many distributed services that compose a modern web application. We show how this model protects applications from a large class of vulnerabilities, without compromising performance.
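The following is an added illustration of the two ideas the abstract combines, per-user sandboxing of application code and capability-protected data services; it is not Radiatus's code and does not reproduce its design. It assumes a simplified model in which the sandbox hands application code an HMAC-authenticated capability scoped to the logged-in user, and a storage service enforces access from that capability alone. All names, the shared key, and the sample rows are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed shared secret between the capability issuer and the storage
# service (placeholder for this example; a real deployment would use a KMS).
ISSUER_KEY = b"constructed-demo-key"


def mint_capability(user_id: str, table: str, rights: tuple) -> str:
    """Issue a capability: an HMAC-authenticated statement that the holder may
    exercise `rights` on rows of `table` owned by `user_id`."""
    body = json.dumps(
        {"user": user_id, "table": table, "rights": sorted(rights)}, sort_keys=True
    )
    tag = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag


def verify_capability(token: str) -> dict:
    """Check the HMAC before trusting any field; reject forged or edited tokens."""
    body, _, tag = token.rpartition(".")
    expected = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("capability signature invalid")
    return json.loads(body)


class StorageService:
    """Data service that enforces access from the capability alone, never from
    what the (possibly buggy or compromised) application code claims."""

    def __init__(self):
        # Constructed sample data: rows owned by two different users.
        self.tables = {
            "messages": [
                {"owner": "alice", "text": "alice-1"},
                {"owner": "alice", "text": "alice-2"},
                {"owner": "bob", "text": "bob-1"},
            ]
        }

    def select(self, token: str, table: str, owner: str) -> list:
        cap = verify_capability(token)
        if cap["table"] != table or "read" not in cap["rights"]:
            raise PermissionError(f"capability grants no read on {table}")
        # Enforcement point: a user's capability reaches only that user's rows,
        # whatever owner value the application code asks for.
        if owner != cap["user"]:
            raise PermissionError(f"capability scoped to {cap['user']}, not {owner}")
        return [r["text"] for r in self.tables[table] if r["owner"] == cap["user"]]


def buggy_app_code(request: dict, cap: str, storage: StorageService) -> list:
    """Application logic with an authorization bug: it trusts a client-supplied
    'owner' field instead of the authenticated user."""
    return storage.select(cap, "messages", request["owner"])


def handle_request(user_id: str, request: dict, storage: StorageService) -> dict:
    """Per-user sandbox: application code runs holding only the end-user's
    capability, so the bug above cannot reach another user's rows."""
    cap = mint_capability(user_id, "messages", ("read",))
    try:
        return {"ok": True, "rows": buggy_app_code(request, cap, storage)}
    except PermissionError as exc:
        return {"ok": False, "error": str(exc)}


def tamper_check(storage: StorageService) -> dict:
    """Integrity check: a token body edited to claim another identity must be
    rejected by the storage service because its HMAC no longer matches."""
    token = mint_capability("bob", "messages", ("read",))
    body, _, tag = token.rpartition(".")
    edited = body.replace('"bob"', '"alice"') + "." + tag
    try:
        return {"ok": True, "rows": storage.select(edited, "messages", "alice")}
    except PermissionError as exc:
        return {"ok": False, "error": str(exc)}


if __name__ == "__main__":
    store = StorageService()
    print(handle_request("alice", {"owner": "alice"}, store))  # alice's own rows
    print(handle_request("bob", {"owner": "alice"}, store))    # refused by storage
    print(tamper_check(store))                                 # signature invalid
```

The point of the layout is where enforcement sits: the application code is deliberately wrong, yet the storage service never consults it for authorization, so the damage from the bug is bounded to the requesting user's own data. In a deployment with many backend services, each service would perform the same capability check independently, which is what lets the model hold across a distributed application rather than at a single gateway.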
