| dc.contributor.author | Chandra, Ramesh | |
| dc.contributor.author | Kim, Taesoo | |
| dc.contributor.author | Zeldovich, Nickolai | |
| dc.date.accessioned | 2014-11-05T21:33:14Z | |
| dc.date.available | 2014-11-05T21:33:14Z | |
| dc.date.issued | 2013 | |
| dc.identifier.isbn | 9781450323888 | |
| dc.identifier.uri | http://hdl.handle.net/1721.1/91473 | |
| dc.description.abstract | Recovering from attacks in an interconnected system is difficult, because an adversary that gains access to one part of the system may propagate to many others, and tracking down and recovering from such an attack requires significant manual effort. Web services are an important example of an interconnected system, as they are increasingly using protocols such as OAuth and REST APIs to integrate with one another. This paper presents Aire, an intrusion recovery system for such web services. Aire addresses several challenges, such as propagating repair across services when some servers may be unavailable, and providing appropriate consistency guarantees when not all servers have been repaired yet. Experimental results show that Aire can recover from four realistic attacks, including one modeled after a recent Facebook OAuth vulnerability; that porting existing applications to Aire requires little effort; and that Aire imposes a 19--30% CPU overhead and 6--9 KB/request storage cost for Askbot, an existing web application. | en_US |
| dc.description.sponsorship | National Science Foundation (U.S.) (NSF award CNS-1053143) | en_US |
| dc.description.sponsorship | United States. Defense Advanced Research Projects Agency (DARPA Clean-slate design of Resilient, Adaptive, Secure Hosts (CRASH) program under contract #N66001-10-2-4089) | en_US |
| dc.language.iso | en_US | |
| dc.publisher | Association for Computing Machinery | en_US |
| dc.relation.isversionof | http://dx.doi.org/10.1145/2517349.2522725 | en_US |
| dc.rights | Creative Commons Attribution-Noncommercial-Share Alike | en_US |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc-sa/4.0/ | en_US |
| dc.source | MIT web domain | en_US |
| dc.title | Asynchronous intrusion recovery for interconnected web services | en_US |
| dc.type | Article | en_US |
| dc.identifier.citation | Chandra, Ramesh, Taesoo Kim, and Nickolai Zeldovich. “Asynchronous Intrusion Recovery for Interconnected Web Services.” Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles - SOSP ’13 (2013), Nov. 3-6, 2013, Farminton, Pennsylvania, USA. ACM. | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | en_US |
| dc.contributor.mitauthor | Chandra, Ramesh | en_US |
| dc.contributor.mitauthor | Kim, Taesoo | en_US |
| dc.contributor.mitauthor | Zeldovich, Nickolai | en_US |
| dc.relation.journal | Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles - SOSP '13 | en_US |
| dc.eprint.version | Author's final manuscript | en_US |
| dc.type.uri | http://purl.org/eprint/type/ConferencePaper | en_US |
| eprint.status | http://purl.org/eprint/status/NonPeerReviewed | en_US |
| dspace.orderedauthors | Chandra, Ramesh; Kim, Taesoo; Zeldovich, Nickolai | en_US |
| dc.identifier.orcid | https://orcid.org/0000-0003-0238-2703 | |
| mit.license | OPEN_ACCESS_POLICY | en_US |
| mit.metadata.status | Complete | |
