Abstract
Web applications in domains such as healthcare and finance must process sensitive data while complying with legal policies that govern the release of different classes of data to different parties. Today, a software bug in a multi-tier web application can cause irreversible disclosure of confidential data. An open challenge is how developers can guarantee that such applications only ever release sensitive data to authorised users, without costly, recurring security audits.
Our solution is a trusted middleware that acts as a "safety net" for event-based enterprise web applications by preventing harmful data disclosure before it happens. We describe the design and implementation of SafeWeb, a Ruby-based middleware that associates data with security labels and transparently tracks their propagation, at different granularities, across a multi-tier web architecture with storage and complex event processing. For efficiency, maintainability and ease of use, SafeWeb exploits the dynamic features of the Ruby language to implement label propagation and data-flow enforcement. We evaluate SafeWeb by reporting our experience of implementing a web-based cancer treatment application and deploying it as part of the UK National Health Service (NHS).
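The abstract names two mechanisms: security labels attached to data and propagated through the application, and an enforcement point that stops labelled data from reaching a party not cleared for it. The Ruby sketch below is an added illustration of that idea and is not SafeWeb's code or the authors' design; the names Labels, Principal, Gate, DisclosureError and safeweb_style_demo, the tag vocabulary and the sample strings are all assumptions made for this example. It uses Ruby's open classes to hook String#+ and String#<< so that a label (a set of confidentiality tags) follows the data through concatenation, and it gates release on a principal's clearance.

```ruby
require 'set'

# Added example, not SafeWeb's code: a toy label model in Ruby. The names
# Labels, Principal, Gate and DisclosureError are assumed for this illustration.
module Labels
  # A label is the set of confidentiality tags a value carries. Reading the
  # label never writes an instance variable, so it is safe on frozen literals.
  def label
    @__label || Set.new
  end

  def label=(tags)
    @__label = Set.new(tags)
  end

  # Attach tags to a copy of str (dup, so frozen literals are never mutated).
  def self.tag(str, tags)
    s = str.dup
    s.label = tags
    s
  end

  # Caveat: propagation covers only the operations hooked below. String
  # interpolation builds its result without calling String#+ or String#<<,
  # so the label is silently dropped. Returns true when that happens.
  def self.interpolation_drops_label?(labeled)
    "#{labeled}".label.empty?
  end
end

# Open the core String class (one of Ruby's dynamic features) so every string
# carries a label and the hooked operations propagate it.
class String
  include Labels

  alias_method :__plus_without_label, :+
  # The result of a + b is at least as confidential as either operand: its
  # label is the union (lattice join) of both labels.
  def +(other)
    out = __plus_without_label(other)
    out.label = label | (other.respond_to?(:label) ? other.label : Set.new)
    out
  end

  alias_method :__append_without_label, :<<
  # In-place append: the receiver absorbs the appended value's label.
  def <<(other)
    __append_without_label(other)
    self.label = label | other.label if other.respond_to?(:label)
    self
  end
end

class DisclosureError < StandardError; end

# A principal's clearance is the set of tags it is allowed to see.
Principal = Struct.new(:name, :clearance) do
  def cleared_for?(data)
    data.label.subset?(clearance)
  end
end

# The enforcement point: the single place where data leaves the middleware
# for a principal (e.g. is written to an HTTP response). Release is allowed
# only if the principal's clearance covers every tag on the data.
module Gate
  def self.release(principal, data)
    unless principal.cleared_for?(data)
      missing = (data.label - principal.clearance).to_a
      raise DisclosureError, "#{principal.name} is not cleared for #{missing.inspect}"
    end
    data
  end
end

# Worked scenario on constructed data (not taken from the paper's deployment).
def safeweb_style_demo
  record = Labels.tag("tumour stage: T2", [:patient_record])
  report = "Summary: " + record           # label propagates through +
  clinician = Principal.new("clinician", Set[:patient_record])
  billing   = Principal.new("billing", Set[:invoice])

  released = Gate.release(clinician, report)   # clearance covers the label
  blocked  = begin
    Gate.release(billing, report)              # raises: label not covered
    false
  rescue DisclosureError
    true
  end
  { released: released, blocked_for_billing: blocked, label: report.label }
end
```

The value of the sketch is in what it does not cover: only the hooked operations propagate labels, so slicing, `format`, or interpolation produce unlabelled copies that the gate will happily release. That is the reason a fine-grained hook like this cannot stand alone; in practice it is paired with a coarser label carried by the request or process, so that a missed operation fails closed rather than open (that pairing is a general design point, not a description of SafeWeb's internals).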
Copyright information
© 2011 IFIP International Federation for Information Processing
Cite this paper
Hosek, P. et al. (2011). SafeWeb: A Middleware for Securing Ruby-Based Web Applications. In: Kon, F., Kermarrec, A.-M. (eds) Middleware 2011. Lecture Notes in Computer Science, vol 7049. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25821-3_25
DOI: https://doi.org/10.1007/978-3-642-25821-3_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25820-6
Online ISBN: 978-3-642-25821-3