Rectify: black-box intrusion recovery in PaaS clouds

ABSTRACT
Web applications hosted on the cloud are exposed to cyberattacks and can be compromised by HTTP requests that exploit vulnerabilities. Platform as a Service (PaaS) offerings often provide a backup service that allows restoring application state after a serious attack, but all valid state changes since the last backup are lost. We propose Rectify, a new approach to recover from intrusions on applications running in a PaaS. Rectify is a service designed to be deployed alongside the application in a PaaS container. It does not require modifications to the software, and the recovery can be performed by a system administrator. Machine learning techniques are used to associate the requests received by the application with the statements issued to the database. Rectify was evaluated using three widely used web applications (WordPress, LimeSurvey and MediaWiki), and the results show that the effects of malicious requests can be removed whilst preserving the valid application data.
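The following is an added, constructed illustration of the two steps the abstract describes: associating each logged database statement with the HTTP request that caused it, and then undoing only the statements attributed to a malicious request while keeping the valid state changes made before and after it. It is example code written for this page, not Rectify's implementation. The time-window-plus-literal-match scoring is a stand-in for the paper's machine-learning association; the per-statement before/after row images are an assumed logging format; and the WordPress-style table names, request paths, timestamps and the two-second in-flight window are all constructed.

```python
"""Toy request-to-statement association and selective undo (constructed example).

Assumptions (not from the paper): the PaaS proxy logs every HTTP request with a
timestamp, and every write statement with a timestamp plus the row's before/after
image. Requests are assumed to finish within WINDOW seconds of arriving.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

WINDOW = 2.0  # assumed maximum time a request is in flight, in seconds
Row = Tuple[str, str]  # (table, primary key)


@dataclass
class Request:
    rid: int
    ts: float
    path: str
    params: Dict[str, str]


@dataclass
class Statement:
    sid: int
    ts: float
    sql: str
    table: str
    key: str
    before: Optional[str]  # None: row did not exist before the write
    after: Optional[str]   # None: row was deleted by the write


# Constructed logs. Request 4 is the attacker: it rewrites two site options and
# inserts a backdoor account. Requests 1, 3, 5, 6 and 7 are legitimate.
REQUESTS: List[Request] = [
    Request(1, 100.0, "/wp-admin/options.php", {"siteurl": "https://blog.example"}),
    Request(2, 100.1, "/?p=1", {}),  # read-only, overlaps request 1 in time
    Request(3, 105.0, "/wp-admin/post.php", {"post_title": "Hello"}),
    Request(4, 110.0, "/wp-admin/options.php",
            {"siteurl": "https://evil.example", "blogname": "pwned"}),
    Request(5, 120.0, "/wp-admin/post.php", {"post_title": "Second"}),
    Request(6, 125.0, "/wp-admin/post.php", {"post_title": "Hello v2", "post_ID": "7"}),
    Request(7, 130.0, "/wp-admin/options.php", {"blogname": "My Blog"}),
]

STATEMENTS: List[Statement] = [
    Statement(1, 100.3, "UPDATE wp_options SET option_value='https://blog.example' WHERE option_name='siteurl'",
              "wp_options", "siteurl", "https://old.example", "https://blog.example"),
    Statement(2, 105.2, "INSERT INTO wp_posts (ID, post_title) VALUES (7, 'Hello')",
              "wp_posts", "7", None, "Hello"),
    Statement(3, 110.1, "UPDATE wp_options SET option_value='https://evil.example' WHERE option_name='siteurl'",
              "wp_options", "siteurl", "https://blog.example", "https://evil.example"),
    Statement(4, 110.2, "INSERT INTO wp_users (ID, user_login) VALUES (99, 'backdoor')",
              "wp_users", "99", None, "backdoor"),
    Statement(5, 110.3, "UPDATE wp_options SET option_value='pwned' WHERE option_name='blogname'",
              "wp_options", "blogname", "Blog", "pwned"),
    Statement(6, 120.1, "INSERT INTO wp_posts (ID, post_title) VALUES (8, 'Second')",
              "wp_posts", "8", None, "Second"),
    Statement(7, 125.2, "UPDATE wp_posts SET post_title='Hello v2' WHERE ID=7",
              "wp_posts", "7", "Hello", "Hello v2"),
    Statement(8, 130.1, "UPDATE wp_options SET option_value='My Blog' WHERE option_name='blogname'",
              "wp_options", "blogname", "pwned", "My Blog"),
]


def associate(requests: List[Request], statements: List[Statement],
              window: float = WINDOW) -> Dict[int, int]:
    """Map statement id -> request id.

    Heuristic stand-in for the paper's classifier: a request is a candidate if the
    statement ran inside its time window; among candidates, prefer the one whose
    parameter values appear as literals in the SQL, then the most recent start.
    """
    assoc: Dict[int, int] = {}
    for st in statements:
        candidates = [r for r in requests if r.ts <= st.ts <= r.ts + window]
        if not candidates:
            continue  # unattributed statement; left for the operator to inspect

        def score(r: Request) -> Tuple[int, float]:
            hits = sum(1 for v in r.params.values() if v and v in st.sql)
            return (hits, -(st.ts - r.ts))

        assoc[st.sid] = max(candidates, key=score).rid
    return assoc


def replay(statements: List[Statement]) -> Dict[Row, str]:
    """Rebuild the current database state from the statement log."""
    db: Dict[Row, str] = {}
    for st in sorted(statements, key=lambda s: s.ts):
        row = (st.table, st.key)
        if st.after is None:
            db.pop(row, None)
        else:
            db[row] = st.after
    return db


def undo_requests(db: Dict[Row, str], statements: List[Statement],
                  assoc: Dict[int, int], malicious: Set[int]) -> List[Tuple[int, Row, Optional[str]]]:
    """Compensate, newest first, every statement attributed to a malicious request.

    A row is restored to its before-image only if it still holds the malicious
    after-image. If a later valid request already overwrote it, the valid value is
    kept and the case is reported as a conflict instead of being clobbered.
    """
    conflicts: List[Tuple[int, Row, Optional[str]]] = []
    targets = [s for s in statements if assoc.get(s.sid) in malicious]
    for st in sorted(targets, key=lambda s: s.ts, reverse=True):
        row = (st.table, st.key)
        if db.get(row) != st.after:
            conflicts.append((st.sid, row, db.get(row)))
            continue
        if st.before is None:
            db.pop(row, None)  # compensate an INSERT with a DELETE
        else:
            db[row] = st.before  # compensate an UPDATE/DELETE with the old value
    return conflicts


def recover(malicious: Set[int]):
    """Run association, rebuild state, undo the malicious requests' effects."""
    assoc = associate(REQUESTS, STATEMENTS)
    db = replay(STATEMENTS)
    conflicts = undo_requests(db, STATEMENTS, assoc, malicious)
    return db, conflicts, assoc


if __name__ == "__main__":
    state, conf, mapping = recover({4})
    print("statement -> request:", mapping)
    print("recovered state:", state)
    print("conflicts for the operator:", conf)
```

Marking request 4 as malicious removes the backdoor account and restores `siteurl` to the value the legitimate request 1 had set, while posts 7 and 8 (written before and after the attack) are untouched. The `blogname` option is reported as a conflict rather than reverted, because request 7 legitimately overwrote the attacker's value afterwards; the example leaves that decision to the operator, in the spirit of the administrator-driven recovery the abstract describes.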