Intrusion recovery for database-backed web applications
SOSP (2011)
Abstract
Warp is a system that helps users and administrators of web applications recover from intrusions such as SQL injection, cross-site scripting, and clickjacking attacks, while preserving legitimate user changes. Warp repairs from an intrusion by rolling back parts of the database to a version before the attack, and replaying subsequent legitimate actions. Warp allows administrators to retroactively patch security vulnerabilities---i.e., apply new security patches to past executions---to recover from intrusions without requiring the administrator to track down or even detect attacks. Warp's time-travel database allows fine-grained rollback of database rows, and enables repair to proceed concurrently with normal operation of a web application. Finally, Warp captures and replays user input at the level of a browser's DOM, to recover from attacks that involve a user's browser. For a web server running MediaWiki, Warp requires no application source code changes to recover from a range of common web application vulnerabilities with minimal user input at a cost of 24--27% in throughput and 2--3.2 GB/day in storage.
Keywords
database row, database-backed web application, application source code change, warp repair, intrusion recovery, replays user input, legitimate user change, common web application vulnerability, web server, web application, warp capture, minimal user input, normal operator, source code, classification, quality of service, sql injection