SafeWeb: A Middleware for Securing Ruby-Based Web Applications

  • Petr Hosek
  • Matteo Migliavacca
  • Ioannis Papagiannis
  • David M. Eyers
  • David Evans
  • Brian Shand
  • Jean Bacon
  • Peter Pietzuch
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7049)

Abstract

Web applications in many domains such as healthcare and finance must process sensitive data while complying with legal policies that govern the release of different classes of data to different parties. Today, a single software bug in a multi-tier web application can irreversibly disclose confidential data. An open challenge is how developers can guarantee that such applications only ever release sensitive data to authorised users, without costly, recurring security audits.

Our solution is a trusted middleware that acts as a “safety net” for event-based enterprise web applications by preventing harmful data disclosure before it happens. We describe the design and implementation of SafeWeb, a Ruby-based middleware that attaches security labels to data and transparently tracks label propagation, at different granularities, across a multi-tier web architecture with storage and complex event processing. For efficiency, maintainability and ease of use, SafeWeb exploits the dynamic features of the Ruby programming language to achieve label propagation and data-flow enforcement. We evaluate SafeWeb by reporting our experience of implementing a web-based cancer treatment application and deploying it as part of the UK National Health Service (NHS).
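The mechanism the abstract describes, as an added illustration that is not SafeWeb's own code: a wrapper attaches a secrecy label (a set of tags) to a value, Ruby's `method_missing` forwards operations to the wrapped value and re-wraps the result with the union of the labels involved (propagation), and a single trusted release point compares the accumulated label with the reader's clearance (enforcement). The class and method names (`Labeled`, `release`, `build_summary`) and the tag names (`:patient_alice`, `:oncology_dept`) are assumptions for this example.

```ruby
require 'set'

# Added illustration (not SafeWeb's code) of label-based data flow tracking in
# Ruby: attach secrecy labels to data, let operations on the data carry the
# labels along automatically via method_missing, and check the accumulated
# label only at the point where data leaves the system.

# A secrecy label is a set of tags. Data carrying tags {a, b} may be released
# only to a reader whose clearance includes at least {a, b}.
class Labeled
  attr_reader :value, :tags

  def initialize(value, tags)
    @value = value
    @tags  = Set.new(tags).freeze
  end

  # Propagation step: any method not defined on the wrapper is forwarded to the
  # wrapped value. Labeled arguments are unwrapped first, and the result is
  # re-wrapped with the union of every label that took part in the call, so a
  # derived value can never carry fewer tags than its inputs.
  def method_missing(name, *args, &block)
    return super unless @value.respond_to?(name)
    raw_args = args.map { |a| a.is_a?(Labeled) ? a.value : a }
    result   = @value.public_send(name, *raw_args, &block)
    joined   = args.select { |a| a.is_a?(Labeled) }.map(&:tags).reduce(@tags, :|)
    Labeled.new(result, joined)
  end

  def respond_to_missing?(name, include_private = false)
    @value.respond_to?(name, include_private) || super
  end

  def to_s
    "#<Labeled #{@value.inspect} tags=#{@tags.to_a.sort.inspect}>"
  end
end

# Raised when a release point would hand data to an under-cleared reader.
class LabelViolation < StandardError; end

# Enforcement step: the trusted release point compares the label accumulated
# on the data with the reader's clearance. Application code never has to
# remember which fields were sensitive; the label remembers for it.
def release(labeled, clearance)
  clearance = Set.new(clearance)
  unless labeled.tags.subset?(clearance)
    missing = (labeled.tags - clearance).to_a.sort
    raise LabelViolation, "reader lacks clearance for #{missing.inspect}"
  end
  labeled.value
end

# Constructed sample data (tag names are assumptions for this example): a
# patient's name carrying a per-patient tag, and a treatment note carrying a
# department tag. Combining them yields a value carrying both tags.
def build_summary
  patient_name = Labeled.new("Alice", [:patient_alice])
  note         = Labeled.new("chemo cycle 3", [:oncology_dept])
  patient_name + " - " + note
end

if __FILE__ == $0
  summary = build_summary
  puts summary                                             # both tags present
  puts release(summary, [:patient_alice, :oncology_dept])  # cleared: returns raw string
  begin
    release(summary, [:patient_alice])                     # under-cleared: raises
  rescue LabelViolation => e
    puts "blocked: #{e.message}"
  end
end
```

The point of the design is that the authorisation decision is taken once, at `release`, against a label the data carried with it through every tier, so a controller that forgets an access check still cannot leak the note. Two caveats a practitioner would want: this toy tracks only explicit flows through method calls (a branch on a labelled value leaks nothing through the wrapper but can leak through control flow), and `value` is public here for readability; in a real middleware the raw value must be reachable only from the trusted release path, otherwise any `labeled.value` in application code is a bypass.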

Keywords

National Health Service, Security Policy, Security Requirement, Access Control Model, Complex Event Processing


Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Petr Hosek (1)
  • Matteo Migliavacca (1)
  • Ioannis Papagiannis (1)
  • David M. Eyers (2)
  • David Evans (3)
  • Brian Shand (4)
  • Jean Bacon (3)
  • Peter Pietzuch (1)
  1. Imperial College London, UK
  2. University of Otago, New Zealand
  3. University of Cambridge, UK
  4. ECRIC, National Health Service, UK
