DATS - Data containers for web applications

Casen Hunger; Lluís Vilanova; Charalampos Papamanthou; Yoav Etsion; Mohit Tiwari

doi:10.1145/3173162.3173213

DATS - Data containers for web applications

Casen Hunger, Lluís Vilanova, Charalampos Papamanthou, Yoav Etsion, Mohit Tiwari

Electrical and Computer Engineering

Technion - Israel Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Data containers enable users to control access to their data while untrusted applications compute on it. However, they require replicating an application inside each container - compromising functionality, programmability, and performance. We propose DATS - a system to run web applications that retains application usability and efficiency through a mix of hardware capability enhanced containers and the introduction of two new primitives modeled after the popular model-view-controller (MVC) pattern. (1) DATS introduces a templating language to create views that compose data across data containers. (2) DATS uses authenticated storage and confinement to enable an untrusted storage service, such as memcached and deduplication, to operate on plain-text data across containers. These two primitives act as robust de-classifiers that allow DATS to enforce non-interference across containers, taking large applications out of the trusted computing base (TCB). We showcase eight different web applications including Gitlab and a Slack-like chat, significantly improve the worstcase overheads due to application replication, and demonstrate usable performance for common-case usage.

Original language	English
Title of host publication	Proceedings of the 23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018
Pages	722-736
Number of pages	15
Volume	53
Edition	2
ISBN (Electronic)	9781450349116
DOIs	https://doi.org/10.1145/3173162.3173213
State	Published - 19 Mar 2018
Event	23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018 - Williamsburg, United States Duration: 24 Mar 2018 → 28 Mar 2018

Conference

Conference	23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018
Country/Territory	United States
City	Williamsburg
Period	24/03/18 → 28/03/18

Keywords

Information declassification
Information flow control
Operating systems security
Web application security

All Science Journal Classification (ASJC) codes

General Computer Science

Access to Document

10.1145/3173162.3173213

Cite this

@inproceedings{7fe5beba1d744586a584df341081c4cc,

title = "DATS - Data containers for web applications",

abstract = "Data containers enable users to control access to their data while untrusted applications compute on it. However, they require replicating an application inside each container - compromising functionality, programmability, and performance. We propose DATS - a system to run web applications that retains application usability and efficiency through a mix of hardware capability enhanced containers and the introduction of two new primitives modeled after the popular model-view-controller (MVC) pattern. (1) DATS introduces a templating language to create views that compose data across data containers. (2) DATS uses authenticated storage and confinement to enable an untrusted storage service, such as memcached and deduplication, to operate on plain-text data across containers. These two primitives act as robust de-classifiers that allow DATS to enforce non-interference across containers, taking large applications out of the trusted computing base (TCB). We showcase eight different web applications including Gitlab and a Slack-like chat, significantly improve the worstcase overheads due to application replication, and demonstrate usable performance for common-case usage.",

keywords = "Information declassification, Information flow control, Operating systems security, Web application security",

author = "Casen Hunger and Llu{\'i}s Vilanova and Charalampos Papamanthou and Yoav Etsion and Mohit Tiwari",

note = "Publisher Copyright: {\textcopyright} 2018 Copyright held by the owner/author(s).; 23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018 ; Conference date: 24-03-2018 Through 28-03-2018",

year = "2018",

month = mar,

day = "19",

doi = "10.1145/3173162.3173213",

language = "الإنجليزيّة",

volume = "53",

pages = "722--736",

booktitle = "Proceedings of the 23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018",

edition = "2",

}

Hunger, C, Vilanova, L, Papamanthou, C, Etsion, Y & Tiwari, M 2018, DATS - Data containers for web applications. in Proceedings of the 23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018. 2 edn, vol. 53, pp. 722-736, 23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018, Williamsburg, United States, 24/03/18. https://doi.org/10.1145/3173162.3173213

DATS - Data containers for web applications. / Hunger, Casen; Vilanova, Lluís; Papamanthou, Charalampos et al.
Proceedings of the 23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018. Vol. 53 2. ed. 2018. p. 722-736.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - DATS - Data containers for web applications

AU - Hunger, Casen

AU - Vilanova, Lluís

AU - Papamanthou, Charalampos

AU - Etsion, Yoav

AU - Tiwari, Mohit

PY - 2018/3/19

Y1 - 2018/3/19

N2 - Data containers enable users to control access to their data while untrusted applications compute on it. However, they require replicating an application inside each container - compromising functionality, programmability, and performance. We propose DATS - a system to run web applications that retains application usability and efficiency through a mix of hardware capability enhanced containers and the introduction of two new primitives modeled after the popular model-view-controller (MVC) pattern. (1) DATS introduces a templating language to create views that compose data across data containers. (2) DATS uses authenticated storage and confinement to enable an untrusted storage service, such as memcached and deduplication, to operate on plain-text data across containers. These two primitives act as robust de-classifiers that allow DATS to enforce non-interference across containers, taking large applications out of the trusted computing base (TCB). We showcase eight different web applications including Gitlab and a Slack-like chat, significantly improve the worstcase overheads due to application replication, and demonstrate usable performance for common-case usage.

AB - Data containers enable users to control access to their data while untrusted applications compute on it. However, they require replicating an application inside each container - compromising functionality, programmability, and performance. We propose DATS - a system to run web applications that retains application usability and efficiency through a mix of hardware capability enhanced containers and the introduction of two new primitives modeled after the popular model-view-controller (MVC) pattern. (1) DATS introduces a templating language to create views that compose data across data containers. (2) DATS uses authenticated storage and confinement to enable an untrusted storage service, such as memcached and deduplication, to operate on plain-text data across containers. These two primitives act as robust de-classifiers that allow DATS to enforce non-interference across containers, taking large applications out of the trusted computing base (TCB). We showcase eight different web applications including Gitlab and a Slack-like chat, significantly improve the worstcase overheads due to application replication, and demonstrate usable performance for common-case usage.

KW - Information declassification

KW - Information flow control

KW - Operating systems security

KW - Web application security

UR - http://www.scopus.com/inward/record.url?scp=85060080751&partnerID=8YFLogxK

U2 - 10.1145/3173162.3173213

DO - 10.1145/3173162.3173213

M3 - منشور من مؤتمر

VL - 53

SP - 722

EP - 736

BT - Proceedings of the 23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018

T2 - 23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018

Y2 - 24 March 2018 through 28 March 2018

ER -

DATS - Data containers for web applications

Abstract

Conference

Keywords

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this