
Hi-sap: Secure and Scalable Web Server System for Shared Hosting Services

  • Conference paper
Broadband Communications, Networks, and Systems (BROADNETS 2010)

Abstract

We propose Hi-sap, a Web server system that solves internal security problems in a server used for shared hosting services and that achieves high site-number scalability with little performance degradation. Customers are often exposed to internal attacks, i.e., malicious customers illegally accessing other customers’ files. Existing approaches solve a portion of this problem, but they are not sufficient from the viewpoint of performance, site-number scalability, or generality. The proposed system protects customers’ files by isolating them in separate security domains called “partitions,” which are the unit of protection, using a secure OS facility. By default, a partition is a Web site, and each partition has a Web server instance that runs under the privilege of an individual user and serves files in the partition. Since the Web servers reuse server processes and can run without the burden of a security mechanism themselves, there is little performance degradation. In addition, since Hi-sap dynamically controls the number of Web servers, the number of partitions in a server is scalable. We implemented Hi-sap on a Linux OS and evaluated its effectiveness. Experimental results show that Hi-sap has up to 14.3 times the performance of suEXEC and achieves high scalability of 1000 sites per server.


Copyright information

© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Hara, D., Fukuda, R., Hyoudou, K., Ozaki, R., Nakayama, Y. (2012). Hi-sap: Secure and Scalable Web Server System for Shared Hosting Services. In: Tomkos, I., Bouras, C.J., Ellinas, G., Demestichas, P., Sinha, P. (eds) Broadband Communications, Networks, and Systems. BROADNETS 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 66. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30376-0_9

  • DOI: https://doi.org/10.1007/978-3-642-30376-0_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30375-3

  • Online ISBN: 978-3-642-30376-0

  • eBook Packages: Computer Science, Computer Science (R0)
