Mass virtual hosting is a widespread solution to the market need for a platform allowing the inexpensive deployment of web sites. By leveraging the ever-increasing performances of server platforms, it is possible to let hundreds of customers share the available storage, computing, and connectivity facilities, eventually attaining a satisfying level of service for a fraction of the total cost of the platform. Since the advent of dynamic web programming, however, achieving a sensible tradeoff between security and efficiency in mass hosting solutions has become quite difficult. The most efficient and widespread solution, in fact, foresees the execution with undifferentiated rights of code belonging to different customers, thus opening the possibility of unauthorized access of one customer to the others’ data. This paper illustrates a possible solution to this problem, based on the integration of Mandatory Access control techniques within the web server. The proposed solution guarantees robust isolation between resources belonging to different subjects, without introducing a sensible increase in resource utilization.
Marco Prandini, Eugenio Faldella, Roberto Laschi (2007). Confining the Insider Threat in Mass Virtual Hosting Systems. SETÚBAL : INSTICC Press.
Confining the Insider Threat in Mass Virtual Hosting Systems
PRANDINI, MARCO;FALDELLA, EUGENIO;LASCHI, ROBERTO
2007
Abstract
Mass virtual hosting is a widespread solution to the market need for a platform allowing the inexpensive deployment of web sites. By leveraging the ever-increasing performances of server platforms, it is possible to let hundreds of customers share the available storage, computing, and connectivity facilities, eventually attaining a satisfying level of service for a fraction of the total cost of the platform. Since the advent of dynamic web programming, however, achieving a sensible tradeoff between security and efficiency in mass hosting solutions has become quite difficult. The most efficient and widespread solution, in fact, foresees the execution with undifferentiated rights of code belonging to different customers, thus opening the possibility of unauthorized access of one customer to the others’ data. This paper illustrates a possible solution to this problem, based on the integration of Mandatory Access control techniques within the web server. The proposed solution guarantees robust isolation between resources belonging to different subjects, without introducing a sensible increase in resource utilization.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
