Radiatus: Strong User Isolation for Scalable Web Applications

Authors

  • Raymond Cheng
  • Will Scott
  • Paul Ellenbogen
  • Jon Howell
  • Thomas Anderson
Abstract

Web applications are a frequent target of successful attacks. The damage is amplified by the fact that application code is responsible for security enforcement in most web frameworks. In this paper we design and implement Radiatus, a web framework where all application-specific computation running on the server is executed within a sandbox with the privileges of the end-user. By strongly isolating users we protect user data and service availability from application vulnerabilities. To make Radiatus practical on modern web applications, we introduce a distributed capabilities system to protect data at scale across the many distributed services that compose a modern web application. We show how this model protects applications from a large class of vulnerabilities, without compromising performance.


Similar resources

Client-Server Interaction in GIS Applications Through Web Services

Web services have been developed and deployed for GIS applications. Client-server interaction in such applications is limited by the service provider, such as ArcWeb Service. This paper will discuss the needs from service requester which lead to the exploration on the design and manipulation of Web Service interface. It is likely that GIS Web Service promotes the separation of spatial feature a...


HBaseSI: Multi-row Distributed Transactions with Global Strong Snapshot Isolation on Clouds

This paper presents the “HBaseSI” client library, which provides global strong snapshot isolation (SI) for multi-row distributed transactions in HBase. This is the first strong SI mechanism developed for HBase. HBaseSI uses novel methods in handling distributed transactional management autonomously by individual clients. These methods greatly simplify the design of HBaseSI and can be generalize...


Semi-automatic creation of enterprise mashups using semantic descriptions

Mashups are next generation of web applications. A mashup is a lightweight web application that is created by combining information or capabilities from more than one existing resources to deliver a new and integrated experience to the user. Mashups introduce a new class of integration techniques in enterprises for implementing situational applications (i.e. applications that come together to s...


Scalable text classification as a tool for personalization

We consider scalability issues of the text classification problem where by using (multi)-labeled training documents, we try to build classifiers that assign documents into classes permitting classification in multiple classes. A new class of classification problems, called ‘scalable’, is introduced, with applications on web mining. Scalable classification utilizes newly classified instances in ...


The Active Information System (AIS): A Model for Developing Scalable Web Services

ABSTRACT The World Wide Web has become a primary venue for disseminating information to large numbers of users. From news stories, to music videos, to driving directions, more and more people are turning to the web to find information they need in their day-to-day lives. As web-based services become more complex, the traditional web model is becoming insufficient. There is an increasing demand for ...



Publication date: 2014