Mass virtual hosting is a widespread solution to the market need for a platform allowing the inexpensive deployment of web sites. By leveraging the ever-increasing performances of server platforms, it is possible to let hundreds of customers share the available storage, computing, and connectivity facilities, eventually attaining a satisfying level of service for a fraction of the total cost of the platform. Since the advent of dynamic web programming, however, achieving a sensible tradeoff between security and efficiency in mass hosting solutions has become quite difficult. The most efficient and widespread solution, in fact, foresees the execution with undifferentiated rights of code belonging to different customers, thus opening the possibility of unauthorized access of one customer to the others’ data. This paper illustrates a possible solution to this problem, based on the integration of Mandatory Access control techniques within the web server. The proposed solution guarantees robust isolation between resources belonging to different subjects, without introducing a sensible increase in resource utilization.

Confining the Insider Threat in Mass Virtual Hosting Systems / Marco Prandini; Eugenio Faldella; Roberto Laschi. - STAMPA. - (2007), pp. 105-114. (Intervento presentato al convegno 5th International Workshop onSecurity in Information Systems - WOSIS 2007 tenutosi a Funchal - Madeira, Portugal nel 12-16 giugno 2007).

Confining the Insider Threat in Mass Virtual Hosting Systems

PRANDINI, MARCO;FALDELLA, EUGENIO;LASCHI, ROBERTO
2007

Abstract

Mass virtual hosting is a widespread solution to the market need for a platform allowing the inexpensive deployment of web sites. By leveraging the ever-increasing performances of server platforms, it is possible to let hundreds of customers share the available storage, computing, and connectivity facilities, eventually attaining a satisfying level of service for a fraction of the total cost of the platform. Since the advent of dynamic web programming, however, achieving a sensible tradeoff between security and efficiency in mass hosting solutions has become quite difficult. The most efficient and widespread solution, in fact, foresees the execution with undifferentiated rights of code belonging to different customers, thus opening the possibility of unauthorized access of one customer to the others’ data. This paper illustrates a possible solution to this problem, based on the integration of Mandatory Access control techniques within the web server. The proposed solution guarantees robust isolation between resources belonging to different subjects, without introducing a sensible increase in resource utilization.
2007
Security in Information SystemsProceedings of the 5th International Workshop onSecurity in Information Systems - WOSIS 2007
105
114
Confining the Insider Threat in Mass Virtual Hosting Systems / Marco Prandini; Eugenio Faldella; Roberto Laschi. - STAMPA. - (2007), pp. 105-114. (Intervento presentato al convegno 5th International Workshop onSecurity in Information Systems - WOSIS 2007 tenutosi a Funchal - Madeira, Portugal nel 12-16 giugno 2007).
Marco Prandini; Eugenio Faldella; Roberto Laschi
File in questo prodotto:
Eventuali allegati, non sono esposti

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11585/48588
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? ND
social impact