Presentation is loading. Please wait.

Presentation is loading. Please wait.

A UTOMATICALLY SECURING WEB 2.0 APPLICATIONS THROUGH REPLICATED EXECUTION K. Vikram, Abhishek Prateek, Ben Livshits.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "A UTOMATICALLY SECURING WEB 2.0 APPLICATIONS THROUGH REPLICATED EXECUTION K. Vikram, Abhishek Prateek, Ben Livshits."— Presentation transcript:

1 A UTOMATICALLY SECURING WEB 2.0 APPLICATIONS THROUGH REPLICATED EXECUTION K. Vikram, Abhishek Prateek, Ben Livshits

2 Web Developer’s Mantra Thou shall not trust the client No data integrity No code integrity

3 Security vs. Performance responsiveness security Web 1.0: ASP.NET PHP Web 2.0: AJAX Silverlight Ripley With Ripley, placing computation on the client does not reduce computational integrity

4 The Volta Distributing Compiler http://volta/ IL-to-IL IL-to-JS Server Client JS.NET DLL

5 Client Volta Deployment Server Client

6 Ripley Architecture

7 1.Keep a replica of the client code 2.Capture user events & transmit to server for replay 3.Compare server and client results Server Replica Client Ripley checker events = {key: ‘a’, id=‘name’; click: id=‘name’} m' m e

8 Ripley Architecture 1.Keep a replica of the client code 2.Capture user events & transmit to server for replay 3.Compare server and client results Ripley checker events = {key: ‘a’, id=‘name’; click: id=‘name’} m' m e Client Client-side code instrumented Rewrite event handlers Capture “default” events Buffer events for performance Server Replica button.onClick = function buttonHandler(e) { var obj = eventTrigger(e); var notify = document.getElementById && document.getElementById('notify'); notify.value = 'You clicked on ' + obj.value; return true; }; button.onClick = function buttonHandler(e) { ripleyEnqueue(e); // inserted by rewriting var obj = eventTrigger(e); var notify = document.getElementById && document.getElementById('notify'); notify.value = 'You clicked on ' + obj.value; return true; };

9 Ripley Architecture 1.Keep a replica of the client code 2.Capture user events & transmit to server for replay 3.Compare server and client results Client Ripley checker events = {key: ‘a’, id=‘name’; click: id=‘name’} m' m e Server Replica Run replica in a Ripley emulator Run in.NET, not in JavaScript, 100x speed increase

10 Experimental Evaluation

11 Ripley Applications Shopping cart Sudoku Blog Speed typing Online Quiz Distributed online game http://ll-ripley/ripley-samples

12 Performance Overhead Summary

13 Ripley: Vision for the Future Secure-by-construction Software + Services Ripley server farm Web 2.0 App

14 The End.

Download ppt "A UTOMATICALLY SECURING WEB 2.0 APPLICATIONS THROUGH REPLICATED EXECUTION K. Vikram, Abhishek Prateek, Ben Livshits."

Similar presentations

Database Architectures and the Web

Database Architectures and the Web
JShield: Towards Real-time and Vulnerability-based Detection of Polluted Drive-by Download Attacks Yinzhi Cao*, Xiang Pan**, Yan Chen** and Jianwei Zhuge***

JShield: Towards Real-time and Vulnerability-based Detection of Polluted Drive-by Download Attacks Yinzhi Cao*, Xiang Pan**, Yan Chen** and Jianwei Zhuge***
Building Applications using ASP.NET and C# / Session 1 / 1 of 21 Session 1.

Building Applications using ASP.NET and C# / Session 1 / 1 of 21 Session 1.
What is it? –Large Web sites that support commercial use cannot be written by hand What you’re going to learn –How a Web server and a database can be used.

What is it? –Large Web sites that support commercial use cannot be written by hand What you’re going to learn –How a Web server and a database can be used.
IS 360 Course Introduction. Slide 2 What you will Learn (1) The role of Web servers and clients How to create HTML, XHTML, and HTML 5 pages suitable for.

IS 360 Course Introduction. Slide 2 What you will Learn (1) The role of Web servers and clients How to create HTML, XHTML, and HTML 5 pages suitable for.
S ECURING WEB 2.0 APPLICATIONS THROUGH REPLICATED EXECUTION Ben Livshits Microsoft Research K. Vikram Cornell University Abhishek Prateek IIT Delhi.

S ECURING WEB 2.0 APPLICATIONS THROUGH REPLICATED EXECUTION Ben Livshits Microsoft Research K. Vikram Cornell University Abhishek Prateek IIT Delhi.
Ben Livshits and Emre Kiciman Microsoft Research Redmond, WA.

Ben Livshits and Emre Kiciman Microsoft Research Redmond, WA.
Outline IS400: Development of Business Applications on the Internet Fall 2004 Instructor: Dr. Boris Jukic Server Side Web Technologies: Part 1.

Outline IS400: Development of Business Applications on the Internet Fall 2004 Instructor: Dr. Boris Jukic Server Side Web Technologies: Part 1.
Cloud Computing Lecture #7 Introduction to Ajax Jimmy Lin The iSchool University of Maryland Wednesday, October 15, 2008 This work is licensed under a.

Cloud Computing Lecture #7 Introduction to Ajax Jimmy Lin The iSchool University of Maryland Wednesday, October 15, 2008 This work is licensed under a.
Introduction to Web Based Application. Web-based application TCP/IP (HTTP) protocol Using WWW technology & software Distributed environment.

Introduction to Web Based Application. Web-based application TCP/IP (HTTP) protocol Using WWW technology & software Distributed environment.
Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.

Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.
©2012 Microsoft Corporation. All rights reserved. Content based on SharePoint 2013 Technical Preview and published July 2012. Introducing.

©2012 Microsoft Corporation. All rights reserved. Content based on SharePoint 2013 Technical Preview and published July Introducing.
Joe Hummel, PhD Dept of Mathematics and Computer Science Lake Forest College Lecture 8: WebForms — Web-based.

Joe Hummel, PhD Dept of Mathematics and Computer Science Lake Forest College Lecture 8: WebForms — Web-based.
Web Programming – Java Script Association of Computing Activities Computer Science and Engineering Indian Institute of Technology Kanpur.

Web Programming – Java Script Association of Computing Activities Computer Science and Engineering Indian Institute of Technology Kanpur.
Server- Side technologies Client-side vs. Server-side scripts PHP basic ASP.NET basic ColdFusion.

Server- Side technologies Client-side vs. Server-side scripts PHP basic ASP.NET basic ColdFusion.
Architecture Of ASP.NET. What is ASP?  Server-side scripting technology.  Files containing HTML and scripting code.  Access via HTTP requests.  Scripting.

Architecture Of ASP.NET. What is ASP?  Server-side scripting technology.  Files containing HTML and scripting code.  Access via HTTP requests.  Scripting.
Overview of Previous Lesson(s) Over View  ASP.NET Pages  Modular in nature and divided into the core sections  Page directives  Code Section  Page.

Overview of Previous Lesson(s) Over View  ASP.NET Pages  Modular in nature and divided into the core sections  Page directives  Code Section  Page.
ASP.NET  ASP.NET is a web development platform, which provides a programming model, a comprehensive software infrastructure and various services required.

ASP.NET  ASP.NET is a web development platform, which provides a programming model, a comprehensive software infrastructure and various services required.
Secure Web Applications via Automatic Partitioning Stephen Chong, Jed Liu, Andrew C. Meyers, Xin Qi, K. Vikram, Lantian Zheng, Xin Zheng. Cornell University.

Secure Web Applications via Automatic Partitioning Stephen Chong, Jed Liu, Andrew C. Meyers, Xin Qi, K. Vikram, Lantian Zheng, Xin Zheng. Cornell University.
Introduction to Internet Programming (Web Based Application)

Introduction to Internet Programming (Web Based Application)

Similar presentations

Ads by Google