Modern web applications store sensitive data on their servers. Such data is prone to theft resulting from exploits against vulnerabilities in the server software stacks. In this work, we propose a new architecture for web servers, called CryptServer, in which we pre-determine and fix a small amount of application code that can compute over sensitive data. By encrypting sensitive data before making it available to the rest of untrusted application code, CryptServer provides strong defense against all malicious code that an attacker may run in the server software stack. As a step towards making this approach practical, we develop an assistance tool to identify the portion of server-side logic that requires computation over sensitive data. Our preliminary results show that the size of such logic is small in six popular web applications we study. To the extent of our evaluation, converting these applications to a CryptServer architecture requires modest developer effort.