The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web

You put a program on a concurrent server, but you don't trust the server; later, you get a trace of the actual requests that the server received from its clients and the responses that it delivered. You separately get logs from the server; these are untrusted. How can you use the logs to efficiently verify that the responses were derived from running the program on the requests? This is the Efficient Server Audit Problem, which abstracts real-world scenarios, including running a web application on an untrusted provider. We give a solution based on several new techniques, including simultaneous replay and efficient verification of concurrent executions. We implement the solution for PHP web applications. For several applications, our verifier achieves 5.6-10.9x speedup versus simply re-executing, with <10% overhead for the server.

[1]  Craig Gentry,et al.  Quadratic Span Programs and Succinct NIZKs without PCPs , 2013, IACR Cryptol. ePrint Arch..

[2]  Eli Ben-Sasson,et al.  SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge , 2013, CRYPTO.

[3]  Koen De Bosschere,et al.  RecPlay: a fully integrated practical record/replay system , 1999, TOCS.

[4]  Emmett Witchel,et al.  InkTag: secure applications on an untrusted operating system , 2013, ASPLOS '13.

[5]  Nickolai Zeldovich,et al.  Efficient Patch-based Auditing for Web Application Vulnerabilities , 2012, OSDI.

[6]  David Brumley,et al.  Tachyon: Tandem Execution for Efficient Live Patch Testing , 2012, USENIX Security Symposium.

[7]  Haibo Chen,et al.  ORDER: Object centRic DEterministic Replay for Java , 2011, USENIX Annual Technical Conference.

[8]  Ronald L. Rivest,et al.  Introduction to Algorithms, third edition , 2009 .

[9]  Maurice Herlihy,et al.  Linearizability: a correctness condition for concurrent objects , 1990, TOPL.

[10]  Vitaly Shmatikov,et al.  EVE: Verifying Correct Execution of Cloud-Hosted Web Applications , 2011, HotCloud.

[11]  Eli Ben-Sasson,et al.  Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture , 2014, USENIX Security Symposium.

[12]  Jade Alglave,et al.  Stability in Weak Memory Models , 2011, CAV.

[13]  Yuanyuan Zhou,et al.  PRES: probabilistic replay with execution sketching on multiprocessors , 2009, SOSP '09.

[14]  Emmett Witchel,et al.  Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data , 2016, OSDI.

[15]  Phillip B. Gibbons,et al.  Testing Shared Memories , 1997, SIAM J. Comput..

[16]  Abhi Shelat,et al.  Full Accounting for Verifiable Outsourcing , 2017, CCS.

[17]  Silvio Micali,et al.  Computationally Sound Proofs , 2000, SIAM J. Comput..

[18]  Danfeng Zhang,et al.  Ironclad Apps: End-to-End Security via Automated Full-System Verification , 2014, OSDI.

[19]  Craig Gentry,et al.  Pinocchio: Nearly Practical Verifiable Computation , 2013, 2013 IEEE Symposium on Security and Privacy.

[20]  Ion Stoica,et al.  Automating the debugging of datacenter applications with ADDA , 2013, 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[21]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[22]  Adrian Perrig,et al.  Bootstrapping Trust in Modern Computers , 2011, Springer Briefs in Computer Science.

[23]  Craig Gentry,et al.  Non-interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers , 2010, CRYPTO.

[24]  Junfeng Yang,et al.  Secure Deduplication of General Computations , 2015, USENIX Annual Technical Conference.

[25]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[26]  Satish Narayanasamy,et al.  DoublePlay: parallelizing sequential logging and replay , 2011, ASPLOS XVI.

[27]  Thomas J. LeBlanc,et al.  Debugging Parallel Programs with Instant Replay , 1987, IEEE Transactions on Computers.

[28]  llsoo Ahn,et al.  Temporal Databases , 1986, Computer.

[29]  Xiaozhou Li,et al.  Analyzing consistency properties for fun and profit , 2011, PODC '11.

[30]  Adrian Perrig,et al.  CLAMP: Practical Prevention of Large-Scale Data Leaks , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[31]  Ion Stoica,et al.  ODR: output-deterministic replay for multicore debugging , 2009, SOSP '09.

[32]  Yael Tauman Kalai,et al.  Delegating computation: interactive proofs for muggles , 2008, STOC.

[33]  Jeff Huang,et al.  LEAP: lightweight deterministic multi-processor replay of concurrent java programs , 2010, FSE '10.

[34]  Michael K. Reiter,et al.  An Execution Infrastructure for TCB Minimization , 2007 .

[35]  Mark Christiaens,et al.  A Taxonomy of Execution Replay Systems , 2003 .

[36]  Galen C. Hunt,et al.  Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.

[37]  Xi Wang,et al.  Improving application security with data flow assertions , 2009, SOSP '09.

[38]  Peter M. Chen,et al.  Execution replay of multiprocessor virtual machines , 2008, VEE '08.

[39]  Konstantina Papagiannaki,et al.  The ACM SIGCOMM 2009 technical program committee process , 2009, CCRV.

[40]  Pramod Bhatotia,et al.  iThreads: A Threading Library for Parallel Incremental Computation , 2015, ASPLOS.

[41]  Satish Narayanasamy,et al.  Respec: Efficient Online Multiprocessor Replay via Speculation and External Determinism , 2010, ASPLOS 2010.

[42]  Christos Gkantsidis,et al.  VC3: Trustworthy Data Analytics in the Cloud Using SGX , 2015, 2015 IEEE Symposium on Security and Privacy.

[43]  Barbara Liskov,et al.  IFDB: decentralized information flow control for databases , 2013, EuroSys '13.

[44]  Xiaozhou Li,et al.  What Consistency Does Your Key-Value Store Actually Provide? , 2010, HotDep.

[45]  Jeff Huang,et al.  LEAP: lightweight deterministic multi-processor replay of concurrent java programs , 2010, SIGSOFT FSE.

[46]  Xiaoxin Chen,et al.  Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems , 2008, ASPLOS.

[47]  Dennis Shasha,et al.  Efficient and correct execution of parallel programs that share memory , 1988, TOPL.

[48]  Graham Cormode,et al.  Practical verified computation with streaming interactive proofs , 2011, ITCS '12.

[49]  Daniel Kroening,et al.  Don’t Sit on the Fence , 2013, ACM Trans. Program. Lang. Syst..

[50]  Benjamin Braun,et al.  Verifying computations with state , 2013, IACR Cryptol. ePrint Arch..

[51]  Adrian Perrig,et al.  TrustVisor: Efficient TCB Reduction and Attestation , 2010, 2010 IEEE Symposium on Security and Privacy.

[52]  Jonathan Katz,et al.  vSQL: Verifying Arbitrary SQL Queries over Dynamic Outsourced Databases , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[53]  Jason Nieh,et al.  Transparent, lightweight application execution replay on commodity multiprocessor operating systems , 2010, SIGMETRICS '10.

[54]  Vyas Sekar,et al.  Towards verifiable resource accounting for outsourced computation , 2013, VEE '13.

[55]  Srdjan Capkun,et al.  Verena: End-to-End Integrity Protection for Web Applications , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[56]  Haibo Chen,et al.  CloudVisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization , 2011, SOSP.

[57]  Yuanyuan Zhou,et al.  Efficient online validation with delta execution , 2009, ASPLOS.

[58]  Guillaume Pierre,et al.  Wikipedia workload analysis for decentralized hosting , 2009, Comput. Networks.

[59]  Eli Ben-Sasson,et al.  Computational Integrity with a Public Random String from Quasi-Linear PCPs , 2017, EUROCRYPT.

[60]  Andreas Haeberlen,et al.  Accountable Virtual Machines , 2010, OSDI.

[61]  Emin Gün Sirer,et al.  Logical attestation: an authorization architecture for trustworthy computing , 2011, SOSP.

[62]  Philip A. Bernstein,et al.  Formal Aspects of Serializability in Database Concurrency Control , 1979, IEEE Transactions on Software Engineering.

[63]  Nickolai Zeldovich,et al.  Intrusion recovery for database-backed web applications , 2011, SOSP.

[64]  Yuval Ishai,et al.  Ligero: Lightweight Sublinear Arguments Without a Trusted Setup , 2017, Designs, Codes and Cryptography.

[65]  Hari Balakrishnan,et al.  CryptDB: protecting confidentiality with encrypted query processing , 2011, SOSP.

[66]  Andrew J. Blumberg,et al.  Verifying computations without reexecuting them , 2015, Commun. ACM.

[67]  Fred B. Schneider,et al.  Hypervisor-based fault tolerance , 1996, TOCS.

[68]  Srinath T. V. Setty,et al.  Making argument systems for outsourced computation practical (sometimes) , 2012, NDSS.

[69]  Michael K. Reiter,et al.  Flicker: an execution infrastructure for tcb minimization , 2008, Eurosys '08.

[70]  Benjamin Livshits,et al.  Ripley: automatically securing web 2.0 applications through replicated execution , 2009, CCS.

[71]  Shweta Shinde,et al.  Panoply: Low-TCB Linux Applications With SGX Enclaves , 2017, NDSS.

[72]  Andrew J. Blumberg,et al.  Verifying computations without reexecuting them: from theoretical possibility to near-practicality , 2013, Electron. Colloquium Comput. Complex..

[73]  Christos H. Papadimitriou,et al.  The serializability of concurrent database updates , 1979, JACM.

[74]  Dean M. Tullsen,et al.  Data-triggered threads: Eliminating redundant computation , 2011, 2011 IEEE 17th International Symposium on High Performance Computer Architecture.

[75]  Leonid A. Levin,et al.  Checking computations in polylogarithmic time , 1991, STOC '91.

[76]  Leslie Lamport,et al.  On interprocess communication , 1986, Distributed Computing.

[77]  Tadayoshi Kohno,et al.  Detecting In-Flight Page Changes with Web Tripwires , 2008, NSDI.

[78]  Haibo Chen,et al.  Scalable deterministic replay in a parallel full-system emulator , 2013, PPoPP '13.

[79]  Ashvin Goel,et al.  Reconstructing system state for intrusion analysis , 2008, OPSR.

[80]  Sanjit A. Seshia,et al.  A design and verification methodology for secure isolated regions , 2016, PLDI.

[81]  Samuel T. King,et al.  ReVirt: enabling intrusion analysis through virtual-machine logging and replay , 2002, OPSR.

[82]  Elaine Shi,et al.  Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems , 2005, SOSP '05.

[83]  Marc Feeley,et al.  A Taxonomy of Distributed Debuggers Based on Execution Replay , 1996, PDPTA.

[84]  David M. Eyers,et al.  SCONE: Secure Linux Containers with Intel SGX , 2016, OSDI.

[85]  Jeannette M. Wing,et al.  Testing and Verifying Concurrent Objects , 1993, J. Parallel Distributed Comput..