ISOLATION OF HTTP REQUEST PROCESSING THROUGH SOFTWARE FAULT ISOLATION
| Field | Value |
|---|---|
| Main Author | |
| Format | Final Project |
| Language | Indonesia |
| Online Access | https://digilib.itb.ac.id/gdl/view/69556 |
| Institution | Institut Teknologi Bandung |
Summary: A Web application is a program that processes untrusted input from the Internet on behalf of remote users. Implementation errors give rise to vulnerabilities, many of which relate to illegal accesses to memory, or faults. A remote attacker may exploit these vulnerabilities through crafted input data to gain control over the entire application. A successful attack may result in denial of service, information disclosure, data corruption, or arbitrary code execution. With the application compromised, the attacker may further attack other resources the application has access to, such as other network services. While the operating system catches memory faults at address-space boundaries, it is those faults that cross a logical software boundary, but remain within the same address space, that are most often abused to subvert application security. Software fault isolation (SFI) provides a mechanism to catch memory access faults between logical modules within a single address space. This allows the partitioning of the application into modules that cannot directly reference each other's objects in memory, which limits the damage an attacker may cause to a single module. Data validation is still required at the boundaries where modules communicate, and the partitioning of the application into modules must be performed carefully. This work proposes using software fault isolation to enforce partitioning at three distinct levels of the Web stack: at the request level, at the application runtime, and within the application code proper. All three are analyzed against the goal of preventing the computations triggered by HTTP requests from tampering with those of other users, whether directly or indirectly. We propose a language runtime modification to isolate instances of targeted classes from each other while exposing an unmodified API to the application. A design is presented to modify the PHP Imagick extension to isolate the underlying ImageMagick implementation at the granularity of individual PHP objects. Finally, the use of SFI through the RLBox framework is demonstrated to successfully enforce object-capability security at the API level.