A low-cost runtime-privilege changing system for shared servers

We propose a low-cost runtime-privilege changing system that solves security problems in shared servers. The main problem with a shared server operating under conventional access control, i.e., an owner/group/other in combination with a Web server that runs under the privilege of the same user is th...

Full description

Saved in:
Bibliographic Details
Main Authors: Hara, D., Nakayama, Y.
Format: Conference Proceeding
Language:English
Subjects:
Access control
Containers
File servers
Kernel
Linux
Runtime Privilege
Scalability
Security in a Server
Shared Hosting Service
Site-number Scalability
Throughput
Virtual machining
Voice mail
Web server
Web Server System
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites
container_end_page 685
container_issue
container_start_page 680
container_title
container_volume 1
creator Hara, D.
Nakayama, Y.
description We propose a low-cost runtime-privilege changing system that solves security problems in shared servers. The main problem with a shared server operating under conventional access control, i.e., an owner/group/other in combination with a Web server that runs under the privilege of the same user is that malicious users potentially can steal, delete, or tamper with other user's files. Existing approaches solve a portion of this problem, but they either lack performance, site-number scalability, or generality. POSIX ACL and a secure OS do not ensure security by themselves. Containers and virtual machines (VMs) have low scalability and low generality because they have the overhead of virtualization and because they typically require modifying the kernel. We implemented our system for an Apache on a Linux OS and evaluated its effectiveness. Our experimental results show that the throughput with it was, on average, 0.5% lower than that with Apache and was a maximum of 4.7% lower. Our system should be used for practical Web servers because its overhead is very low.
format conference_proceeding
fullrecord <record><control><sourceid>ieee_6IE</sourceid><recordid>TN_cdi_ieee_primary_5440376</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>5440376</ieee_id><sourcerecordid>5440376</sourcerecordid><originalsourceid>FETCH-LOGICAL-i175t-d064a50a87394c992fa8b6e223596e509df52992581459ab6e4b10500a9d76b33</originalsourceid><addsrcrecordid>eNotjttKw0AURUdUsNZ8gS_zAwNnLmcuT1KKNyj4os9lkpykI0kjM7HSvzegT5u9Niz2BauC8z4gyiCNVZfsVhplDBrl5BVbSae9CEu_YVUpnwCgQQIovWIPGz5MP6KZyszz93FOI4mvnE5poJ54c4jHPh17Xs5lppF3U-blEDO1vFA-US537LqLQ6HqP9fs4-nxffsidm_Pr9vNTiTpcBYtWBMRonc6mCYE1UVfW1JKY7CEENoO1YLRS4MhLpOpJSBADK2ztdZrdv_nTUS0Xx6OMZ_3aAxoZ_UvtrFFqw</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>A low-cost runtime-privilege changing system for shared servers</title><source>IEEE Electronic Library (IEL) Conference Proceedings</source><creator>Hara, D. ; Nakayama, Y.</creator><creatorcontrib>Hara, D. ; Nakayama, Y.</creatorcontrib><description>We propose a low-cost runtime-privilege changing system that solves security problems in shared servers. The main problem with a shared server operating under conventional access control, i.e., an owner/group/other in combination with a Web server that runs under the privilege of the same user is that malicious users potentially can steal, delete, or tamper with other user's files. Existing approaches solve a portion of this problem, but they either lack performance, site-number scalability, or generality. POSIX ACL and a secure OS do not ensure security by themselves. Containers and virtual machines (VMs) have low scalability and low generality because they have the overhead of virtualization and because they typically require modifying the kernel. We implemented our system for an Apache on a Linux OS and evaluated its effectiveness. Our experimental results show that the throughput with it was, on average, 0.5% lower than that with Apache and was a maximum of 4.7% lower. Our system should be used for practical Web servers because its overhead is very low.</description><identifier>ISSN: 1738-9445</identifier><identifier>ISBN: 1424454271</identifier><identifier>ISBN: 9781424454273</identifier><identifier>EISBN: 9788955191462</identifier><identifier>EISBN: 9781424454280</identifier><identifier>EISBN: 142445428X</identifier><identifier>EISBN: 8955191464</identifier><language>eng</language><publisher>IEEE</publisher><subject>Access control ; Containers ; File servers ; Kernel ; Linux ; Runtime Privilege ; Scalability ; Security in a Server ; Shared Hosting Service ; Site-number Scalability ; Throughput ; Virtual machining ; Voice mail ; Web server ; Web Server System</subject><ispartof>2010 The 12th International Conference on Advanced Communication Technology (ICACT), 2010, Vol.1, p.680-685</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/5440376$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,780,784,789,790,2058,54555,54920,54932</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/5440376$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Hara, D.</creatorcontrib><creatorcontrib>Nakayama, Y.</creatorcontrib><title>A low-cost runtime-privilege changing system for shared servers</title><title>2010 The 12th International Conference on Advanced Communication Technology (ICACT)</title><addtitle>ICACT</addtitle><description>We propose a low-cost runtime-privilege changing system that solves security problems in shared servers. The main problem with a shared server operating under conventional access control, i.e., an owner/group/other in combination with a Web server that runs under the privilege of the same user is that malicious users potentially can steal, delete, or tamper with other user's files. Existing approaches solve a portion of this problem, but they either lack performance, site-number scalability, or generality. POSIX ACL and a secure OS do not ensure security by themselves. Containers and virtual machines (VMs) have low scalability and low generality because they have the overhead of virtualization and because they typically require modifying the kernel. We implemented our system for an Apache on a Linux OS and evaluated its effectiveness. Our experimental results show that the throughput with it was, on average, 0.5% lower than that with Apache and was a maximum of 4.7% lower. Our system should be used for practical Web servers because its overhead is very low.</description><subject>Access control</subject><subject>Containers</subject><subject>File servers</subject><subject>Kernel</subject><subject>Linux</subject><subject>Runtime Privilege</subject><subject>Scalability</subject><subject>Security in a Server</subject><subject>Shared Hosting Service</subject><subject>Site-number Scalability</subject><subject>Throughput</subject><subject>Virtual machining</subject><subject>Voice mail</subject><subject>Web server</subject><subject>Web Server System</subject><issn>1738-9445</issn><isbn>1424454271</isbn><isbn>9781424454273</isbn><isbn>9788955191462</isbn><isbn>9781424454280</isbn><isbn>142445428X</isbn><isbn>8955191464</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2010</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><recordid>eNotjttKw0AURUdUsNZ8gS_zAwNnLmcuT1KKNyj4os9lkpykI0kjM7HSvzegT5u9Niz2BauC8z4gyiCNVZfsVhplDBrl5BVbSae9CEu_YVUpnwCgQQIovWIPGz5MP6KZyszz93FOI4mvnE5poJ54c4jHPh17Xs5lppF3U-blEDO1vFA-US537LqLQ6HqP9fs4-nxffsidm_Pr9vNTiTpcBYtWBMRonc6mCYE1UVfW1JKY7CEENoO1YLRS4MhLpOpJSBADK2ztdZrdv_nTUS0Xx6OMZ_3aAxoZ_UvtrFFqw</recordid><startdate>201002</startdate><enddate>201002</enddate><creator>Hara, D.</creator><creator>Nakayama, Y.</creator><general>IEEE</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>201002</creationdate><title>A low-cost runtime-privilege changing system for shared servers</title><author>Hara, D. ; Nakayama, Y.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i175t-d064a50a87394c992fa8b6e223596e509df52992581459ab6e4b10500a9d76b33</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2010</creationdate><topic>Access control</topic><topic>Containers</topic><topic>File servers</topic><topic>Kernel</topic><topic>Linux</topic><topic>Runtime Privilege</topic><topic>Scalability</topic><topic>Security in a Server</topic><topic>Shared Hosting Service</topic><topic>Site-number Scalability</topic><topic>Throughput</topic><topic>Virtual machining</topic><topic>Voice mail</topic><topic>Web server</topic><topic>Web Server System</topic><toplevel>online_resources</toplevel><creatorcontrib>Hara, D.</creatorcontrib><creatorcontrib>Nakayama, Y.</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Electronic Library (IEL)【Remote access available】</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Hara, D.</au><au>Nakayama, Y.</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>A low-cost runtime-privilege changing system for shared servers</atitle><btitle>2010 The 12th International Conference on Advanced Communication Technology (ICACT)</btitle><stitle>ICACT</stitle><date>2010-02</date><risdate>2010</risdate><volume>1</volume><spage>680</spage><epage>685</epage><pages>680-685</pages><issn>1738-9445</issn><isbn>1424454271</isbn><isbn>9781424454273</isbn><eisbn>9788955191462</eisbn><eisbn>9781424454280</eisbn><eisbn>142445428X</eisbn><eisbn>8955191464</eisbn><abstract>We propose a low-cost runtime-privilege changing system that solves security problems in shared servers. The main problem with a shared server operating under conventional access control, i.e., an owner/group/other in combination with a Web server that runs under the privilege of the same user is that malicious users potentially can steal, delete, or tamper with other user's files. Existing approaches solve a portion of this problem, but they either lack performance, site-number scalability, or generality. POSIX ACL and a secure OS do not ensure security by themselves. Containers and virtual machines (VMs) have low scalability and low generality because they have the overhead of virtualization and because they typically require modifying the kernel. We implemented our system for an Apache on a Linux OS and evaluated its effectiveness. Our experimental results show that the throughput with it was, on average, 0.5% lower than that with Apache and was a maximum of 4.7% lower. Our system should be used for practical Web servers because its overhead is very low.</abstract><pub>IEEE</pub><tpages>6</tpages></addata></record>
fulltext fulltext_linktorsrc
identifier ISSN: 1738-9445
ispartof 2010 The 12th International Conference on Advanced Communication Technology (ICACT), 2010, Vol.1, p.680-685
issn 1738-9445
language eng
recordid cdi_ieee_primary_5440376
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Access control
Containers
File servers
Kernel
Linux
Runtime Privilege
Scalability
Security in a Server
Shared Hosting Service
Site-number Scalability
Throughput
Virtual machining
Voice mail
Web server
Web Server System
title A low-cost runtime-privilege changing system for shared servers
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-06T13%3A32%3A50IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=A%20low-cost%20runtime-privilege%20changing%20system%20for%20shared%20servers&rft.btitle=2010%20The%2012th%20International%20Conference%20on%20Advanced%20Communication%20Technology%20(ICACT)&rft.au=Hara,%20D.&rft.date=2010-02&rft.volume=1&rft.spage=680&rft.epage=685&rft.pages=680-685&rft.issn=1738-9445&rft.isbn=1424454271&rft.isbn_list=9781424454273&rft_id=info:doi/&rft.eisbn=9788955191462&rft.eisbn_list=9781424454280&rft.eisbn_list=142445428X&rft.eisbn_list=8955191464&rft_dat=%3Cieee_6IE%3E5440376%3C/ieee_6IE%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-i175t-d064a50a87394c992fa8b6e223596e509df52992581459ab6e4b10500a9d76b33%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=5440376&rfr_iscdi=true