Show simple item record

dc.contributor.authorChandra, Ramesh
dc.contributor.authorKim, Taesoo
dc.contributor.authorZeldovich, Nickolai
dc.date.accessioned2014-11-05T21:33:14Z
dc.date.available2014-11-05T21:33:14Z
dc.date.issued2013
dc.identifier.isbn9781450323888
dc.identifier.urihttp://hdl.handle.net/1721.1/91473
dc.description.abstractRecovering from attacks in an interconnected system is difficult, because an adversary that gains access to one part of the system may propagate to many others, and tracking down and recovering from such an attack requires significant manual effort. Web services are an important example of an interconnected system, as they are increasingly using protocols such as OAuth and REST APIs to integrate with one another. This paper presents Aire, an intrusion recovery system for such web services. Aire addresses several challenges, such as propagating repair across services when some servers may be unavailable, and providing appropriate consistency guarantees when not all servers have been repaired yet. Experimental results show that Aire can recover from four realistic attacks, including one modeled after a recent Facebook OAuth vulnerability; that porting existing applications to Aire requires little effort; and that Aire imposes a 19--30% CPU overhead and 6--9 KB/request storage cost for Askbot, an existing web application.en_US
dc.description.sponsorshipNational Science Foundation (U.S.) (NSF award CNS-1053143)en_US
dc.description.sponsorshipUnited States. Defense Advanced Research Projects Agency (DARPA Clean-slate design of Resilient, Adaptive, Secure Hosts (CRASH) program under contract #N66001-10-2-4089)en_US
dc.language.isoen_US
dc.publisherAssociation for Computing Machineryen_US
dc.relation.isversionofhttp://dx.doi.org/10.1145/2517349.2522725en_US
dc.rightsCreative Commons Attribution-Noncommercial-Share Alikeen_US
dc.rights.urihttp://creativecommons.org/licenses/by-nc-sa/4.0/en_US
dc.sourceMIT web domainen_US
dc.titleAsynchronous intrusion recovery for interconnected web servicesen_US
dc.typeArticleen_US
dc.identifier.citationChandra, Ramesh, Taesoo Kim, and Nickolai Zeldovich. “Asynchronous Intrusion Recovery for Interconnected Web Services.” Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles - SOSP ’13 (2013), Nov. 3-6, 2013, Farminton, Pennsylvania, USA. ACM.en_US
dc.contributor.departmentMassachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratoryen_US
dc.contributor.departmentMassachusetts Institute of Technology. Department of Electrical Engineering and Computer Scienceen_US
dc.contributor.mitauthorChandra, Rameshen_US
dc.contributor.mitauthorKim, Taesooen_US
dc.contributor.mitauthorZeldovich, Nickolaien_US
dc.relation.journalProceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles - SOSP '13en_US
dc.eprint.versionAuthor's final manuscripten_US
dc.type.urihttp://purl.org/eprint/type/ConferencePaperen_US
eprint.statushttp://purl.org/eprint/status/NonPeerRevieweden_US
dspace.orderedauthorsChandra, Ramesh; Kim, Taesoo; Zeldovich, Nickolaien_US
dc.identifier.orcidhttps://orcid.org/0000-0003-0238-2703
mit.licenseOPEN_ACCESS_POLICYen_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record