n-m-Variant Systems: Adversarial-Resistant Software Rejuvenation for Cloud-Based Web Applications

10/18/2019
by Isaac Polinsky, et al.

Web servers are a popular target for adversaries as they are publicly accessible and often vulnerable to compromise. Compromises can go unnoticed for months, if not years, and recovery often involves a complete system rebuild. In this paper, we propose n-m-Variant Systems, an adversarial-resistant software rejuvenation framework for cloud-based web applications. We improve the state of the art by introducing a variable m that provides a knob for administrators to tune an environment to balance resource usage, performance overhead, and security guarantees. Using m, security guarantees can be tuned for seconds, minutes, days, or complete resistance. We design and implement an n-m-Variant System prototype to protect a MediaWiki PHP application serving dynamic content from an external SQL persistent storage. Our performance evaluation shows a throughput reduction of 65 and 83 appropriate resource allocation. Furthermore, we use theoretical analysis and simulation to characterize the impact of system parameters on resilience to adversaries. Through these efforts, our work demonstrates how properties of cloud-based servers can enhance the integrity of web servers.
