Intrusion recovery for database-backed web applications
Warp is a system that helps users and administrators of web applications recover from intrusions such as SQL injection, cross-site scripting, and clickjacking attacks, while preserving legitimate user changes. Warp repairs from an intrusion by rolling back parts of the database to a version before t...
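Main Authors: | Chandra, Ramesh; Kim, Taesoo; Shah, Meelap; Narula, Neha; Zeldovich, Nickolai |
---|---|
Other Authors: | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory |
Format: | Article |
Language: | en_US |
Published: | Association for Computing Machinery (ACM) 2012 |
Online Access: | http://hdl.handle.net/1721.1/73667 https://orcid.org/0000-0003-0238-2703 |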
_version_ | 1826209601142390784 |
---|---|
author | Chandra, Ramesh Kim, Taesoo Shah, Meelap Narula, Neha Zeldovich, Nickolai |
author2 | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory |
author_facet | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory Chandra, Ramesh Kim, Taesoo Shah, Meelap Narula, Neha Zeldovich, Nickolai |
author_sort | Chandra, Ramesh |
collection | MIT |
description | Warp is a system that helps users and administrators of web applications recover from intrusions such as SQL injection, cross-site scripting, and clickjacking attacks, while preserving legitimate user changes. Warp repairs from an intrusion by rolling back parts of the database to a version before the attack, and replaying subsequent legitimate actions. Warp allows administrators to retroactively patch security vulnerabilities---i.e., apply new security patches to past executions---to recover from intrusions without requiring the administrator to track down or even detect attacks. Warp's time-travel database allows fine-grained rollback of database rows, and enables repair to proceed concurrently with normal operation of a web application. Finally, Warp captures and replays user input at the level of a browser's DOM, to recover from attacks that involve a user's browser. For a web server running MediaWiki, Warp requires no application source code changes to recover from a range of common web application vulnerabilities with minimal user input at a cost of 24--27% in throughput and 2--3.2 GB/day in storage. |
first_indexed | 2024-09-23T14:25:03Z |
format | Article |
id | mit-1721.1/73667 |
institution | Massachusetts Institute of Technology |
language | en_US |
last_indexed | 2024-09-23T14:25:03Z |
publishDate | 2012 |
publisher | Association for Computing Machinery (ACM) |
record_format | dspace |
spelling | mit-1721.1/73667 2022-09-29T09:20:36Z Intrusion recovery for database-backed web applications Chandra, Ramesh Kim, Taesoo Shah, Meelap Narula, Neha Zeldovich, Nickolai Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science Chandra, Ramesh Kim, Taesoo Shah, Meelap Narula, Neha Zeldovich, Nickolai Warp is a system that helps users and administrators of web applications recover from intrusions such as SQL injection, cross-site scripting, and clickjacking attacks, while preserving legitimate user changes. Warp repairs from an intrusion by rolling back parts of the database to a version before the attack, and replaying subsequent legitimate actions. Warp allows administrators to retroactively patch security vulnerabilities---i.e., apply new security patches to past executions---to recover from intrusions without requiring the administrator to track down or even detect attacks. Warp's time-travel database allows fine-grained rollback of database rows, and enables repair to proceed concurrently with normal operation of a web application. Finally, Warp captures and replays user input at the level of a browser's DOM, to recover from attacks that involve a user's browser. For a web server running MediaWiki, Warp requires no application source code changes to recover from a range of common web application vulnerabilities with minimal user input at a cost of 24--27% in throughput and 2--3.2 GB/day in storage. United States. Defense Advanced Research Projects Agency. Clean-slate design of Resilient, Adaptive, Secure Hosts (Contract N66001-10-2-4089) National Science Foundation (U.S.) (Award CNS-1053143) Quanta Computer (Firm) Google (Firm) Samsung Scholarship Foundation 2012-10-09T14:07:39Z 2012-10-09T14:07:39Z 2011-10 Article http://purl.org/eprint/type/ConferencePaper 978-1-4503-0977-6 http://hdl.handle.net/1721.1/73667 Ramesh Chandra, Taesoo Kim, Meelap Shah, Neha Narula, and Nickolai Zeldovich. 2011. Intrusion recovery for database-backed web applications. In Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles (SOSP '11). ACM, New York, NY, USA, 101-114. https://orcid.org/0000-0003-0238-2703 en_US http://dx.doi.org/10.1145/2043556.2043567 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles (SOSP '11) Creative Commons Attribution-Noncommercial-Share Alike 3.0 http://creativecommons.org/licenses/by-nc-sa/3.0/ application/pdf Association for Computing Machinery (ACM) MIT web domain |
title | Intrusion recovery for database-backed web applications |
url | http://hdl.handle.net/1721.1/73667 https://orcid.org/0000-0003-0238-2703 |