Etd

Single-Use Servers: A Generalized Design for Eliminating the Confused Deputy Problem in Networked Services

Public

Downloadable Content

open in viewer

Internet application servers are currently designed to maximize resource efficiency by servicing many thousands of users that may fall within disparate privilege classes. Pooling users into a shared execution context in this way enables adversaries not only to laterally propagate attacks against other clients, but also to use the application server as a "confused deputy" to gain escalated privileges against sensitive backend data. In this work, we present the Single-use Server (SuS) model, which detects and defeats these attacks by separating users into isolated, containerized application servers with tailored backend permissions. In this model, exploited servers no longer have unfettered access to the backend data or other users. We create a prototype implementation of the SuS model for the WordPress content management system and demonstrate our model's ability to neutralize real-world exploits against vulnerable WordPress versions. We find that the SuS model achieves a high level of security while minimizing the amount of code modification required for porting an application server. In our performance evaluation, we find that the CPU and latency overheads of the SuS model are very low, and memory consumption scales linearly. We generalize the SuS model to be applicable to a wide range of application server and backend resource pairs. With our modularized codebase, we port IMAP, a widely-used mail retrieval protocol, to the SuS model and find that doing so requires minimal effort.

Creator
Contributors
Degree
Unit
Publisher
Identifier
  • etd-3736
Keyword
Advisor
Orcid
Defense date
Year
  • 2020
Date created
  • 2020-05-11
Resource type
Rights statement
Last modified
  • 2020-10-19

Relations

In Collection:

Items

Items

Permanent link to this page: https://digital.wpi.edu/show/5m60qv676