Hi-sap: Secure and Scalable Web Server System for Shared Hosting Services

We propose Hi-sap, a Web server system that solves internal security problems in servers used for shared hosting services and that achieves high site-number scalability with little performance degradation. Customers of such services are often exposed to internal attacks, in which malicious customers illegally access other customers’ files. Existing approaches solve part of this problem, but they fall short in terms of performance, site-number scalability, or generality. The proposed system protects customers’ files by using a secure OS facility to isolate them in separate security domains called “partitions,” which are the units of protection. By default, a partition is a Web site, and each partition has a Web server instance that runs under the privilege of an individual user and serves the files in that partition. Since the Web servers reuse server processes and can run without the burden of a security mechanism themselves, there is little performance degradation. In addition, since Hi-sap dynamically controls the number of Web servers, the number of partitions in a server is scalable. We implemented Hi-sap on a Linux OS and evaluated its effectiveness. Experimental results show that Hi-sap has up to 14.3 times the performance of suEXEC and achieves high scalability of 1000 sites per server.
