论文信息 - Identifying Information Disclosure in Web Applications with Retroactive Auditing

Identifying Information Disclosure in Web Applications with Retroactive Auditing

RAIL is a framework for building web applications that can precisely identify inappropriately disclosed data after a vulnerability is discovered. To do so, RAIL introduces retroactive disclosure auditing: re-running the application with previous inputs once the vulnerability is fixed, to determine what data should have been disclosed. A key challenge for RAIL is to reconcile state divergence between the original and replay executions, so that the differences between executions precisely correspond to inappropriately disclosed data. RAIL provides application developers with APIs to address this challenge, by identifying sensitive data, assigning semantic names to non-deterministic inputs, and tracking dependencies. Results from a prototype of RAIL built on top of the Meteor framework show that RAIL can quickly and precisely identify data disclosure from complex attacks, including programming bugs, administrative mistakes, and stolen passwords. RAIL incurs up to 22% throughput overhead and 0.5 KB storage overhead per request. Porting three existing web applications required fewer than 25 lines of code changes per application.

Xi Wang | M. Frans Kaashoek | Nickolai Zeldovich | Taesoo Kim | Haogang Chen

[1] Nickolai Zeldovich,et al. Efficient Patch-based Auditing for Web Application Vulnerabilities , 2012, OSDI.

[2] Byung-Gon Chun,et al. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[3] Landon P. Cox,et al. TightLip: Keeping Applications from Spilling the Beans , 2007, NSDI.

[4] Nickolai Zeldovich,et al. Intrusion recovery for database-backed web applications , 2011, SOSP.

[5] Ramakrishna Kotla,et al. Pasture: Secure Offline Data Access Using Commodity Trusted Hardware , 2012, OSDI.

[6] Hari Balakrishnan,et al. Building Web Applications on Top of Encrypted Data Using Mylar , 2014, NSDI.

[7] Xi Wang,et al. Intrusion Recovery Using Selective Re-execution , 2010, OSDI.

[8] Nickolai Zeldovich,et al. Asynchronous intrusion recovery for interconnected web services , 2013, SOSP.

[9] Samuel T. King,et al. Backtracking intrusions , 2003, SOSP '03.

[10] Roxana Geambasu,et al. Keypad: an auditing file system for theft-prone devices , 2011, EuroSys '11.

[11] David A. Patterson,et al. Undo for Operators: Building an Undoable E-mail Store , 2003, USENIX Annual Technical Conference, General Track.

[12] Xi Wang,et al. Retroactive auditing , 2011, APSys.