Single-Use Servers: A Generalized Design for Eliminating the Confused Deputy Problem in Networked Services

Lanson, Julian P.

11 May 2020

Internet application servers are currently designed to maximize resource efficiency by servicing many thousands of users that may fall within disparate privilege classes. Pooling users into a shared execution context in this way enables adversaries not only to laterally propagate attacks against other clients, but also to use the application server as a "confused deputy" to gain escalated privileges against sensitive backend data. In this work, we present the Single-use Server (SuS) model, which detects and defeats these attacks by separating users into isolated, containerized application servers with tailored backend permissions. In this model, exploited servers no longer have unfettered access to the backend data or other users. We create a prototype implementation of the SuS model for the WordPress content management system and demonstrate our model's ability to neutralize real-world exploits against vulnerable WordPress versions. We find that the SuS model achieves a high level of security while minimizing the amount of code modification required for porting an application server. In our performance evaluation, we find that the CPU and latency overheads of the SuS model are very low, and memory consumption scales linearly. We generalize the SuS model to be applicable to a wide range of application server and backend resource pairs. With our modularized codebase, we port IMAP, a widely-used mail retrieval protocol, to the SuS model and find that doing so requires minimal effort.

network security

containerization

privilege escalation

confused deputy

user isolation

Cloud application platform - Virtualization vs Containerization : A comparison between application containers and virtual machines

Vestman, Simon

January 2017

Context. As the number of organizations using cloud application platforms to host their applications increases, the priority of distributing physical resources within those platforms is increasing simultaneously. The goal is to host a higher quantity of applications per physical server, while at the same time retain a satisfying rate of performance combined with certain scalability. The modern needs of customers occasionally also imply an assurance of certain privacy for their applications. Objectives. In this study two types of instances for hosting applications in cloud application platforms, virtual machines and application containers, are comparatively analyzed. This investigation has the goal to expose advantages and disadvantages between the instances in order to determine which is more appropriate for being used in cloud application platforms, in terms of performance, scalability and user isolation. Methods. The comparison is done on a server running Linux Ubuntu 16.04. The virtual machine is created using Devstack, a development environment of Openstack, while the application container is hosted by Docker. Each instance is running an apache web server for handling HTTP requests. The comparison is done by using different benchmark tools for different key usage scenarios and simultaneously observing the resource usage in respective instance. Results. The results are produced by investigating the user isolation and resource occupation of respective instance, by examining the file system, active process handling and resource allocation after creation. Benchmark tools are executed locally on respective instance, for a performance comparison of the usage of physical resources. The amount of CPU operations executed within a given time is measured in order determine the processor performance, while the speed of read and write operations to the main memory is measured in order to determine the RAM performance. A file is also transmitted between host server and application in order to compare the network performance between respective instance, by examining the transfer speed of the file. Lastly a set of benchmark tools are executed on the host server to measure the HTTP server request handling performance and scalability of each instance. The amount of requests handled per second is observed, but also the resource usage for the request handling at an increasing rate of served requests and clients. Conclusions. The virtual machine is a better choice for applications where privacy is a higher priority, due to the complete isolation and abstraction from the rest of the physical server. Virtual machines perform better in handling a higher quantity of requests per second, while application containers is faster in transferring files through network. The container requires a significantly lower amount of resources than the virtual machine in order to run and execute tasks, such as responding to HTTP requests. When it comes to scalability the prefered type of instance depends on the priority of key usage scenarios. Virtual machines have quicker response time for HTTP requests but application containers occupy less physical resources, which makes it logically possible to run a higher quantity of containers than virtual machines simultaneously on the same physical server.

Openstack

Docker

Simon Vestman

Malvacom

Malvacom AB

Application container

virtual machine

performance

scalability

comparison

user isolation

abstraction

resource allocation

containerization

virtualization

cloud application platform

platform as a service

CPU

RAM

efficiency

request handling

Computer Systems

Datorsystem