intrusion recovery for database backed web applications
play

Intrusion Recovery for Database-backed Web Applications Ramesh - PowerPoint PPT Presentation

Oct 04, 2023 •680 likes •1.44k views

Intrusion Recovery for Database-backed Web Applications Ramesh Chandra , Taesoo Kim, Meelap Shah, Neha Narula, Nickolai Zeldovich MIT CSAIL Web applications routinely compromised Web applications routinely compromised Web applications

  1. Intrusion Recovery for Database-backed Web Applications Ramesh Chandra , Taesoo Kim, Meelap Shah, Neha Narula, Nickolai Zeldovich MIT CSAIL

  2. Web applications routinely compromised

  3. Web applications routinely compromised

  4. Web applications routinely compromised

  5. Recovering integrity is important ● Preventing intrusions is important, but compromises will still happen ● Vulnerabilities are common, and new bugs are constantly being found [CVE] – 3-4 new vulnerabilities found per day, on average for the past 4 years ● Administrators misconfigure policies, settings ● This talk: recovering integrity after attack

  6. Cross-site scripting (XSS) bugs (simplified) Time Eve's browser Wiki pages table ID Text 5 Welcome!! Alice's browser Wiki Server

  7. Cross-site scripting (XSS) bugs (simplified) Time Eve's browser Edit page: <script>httpReq(“/addAcl?u=Eve”) </script> Wiki pages table ID ID Text Text 5 5 Welcome!! <script>...</script> Alice's browser Wiki Server

  8. Cross-site scripting (XSS) bugs (simplified) Time Eve's browser Wiki pages table ID ID Text Text <script> httpReq(“/addAcl?u=Eve”) 5 5 Welcome!! <script>...</script> </script> Alice's browser Wiki Server

  9. Cross-site scripting (XSS) bugs (simplified) Time Eve's browser Wiki pages table ID ID Text Text <script> httpReq(“/addAcl?u=Eve”) 5 5 Welcome!! <script>...</script> </script> Alice's browser Wiki Server Attack code runs as Alice

  10. Cross-site scripting (XSS) bugs (simplified) Time Eve's browser Wiki pages table ID ID Text Text <script> httpReq(“/addAcl?u=Eve”) 5 5 <script>...</script> Welcome!! </script> Legitimate Alice's requests browser Wiki Server Attack code Add Eve to ACL: runs as Alice /addAcl?u=Eve

  11. Recovering web application integrity is hard ● Web apps store data in shared data store ● Multiple users data is commingled ● Users access each other's data ● Makes recovering from attack complicated: ● Attack propagates across users ● Attack can arbitrarily corrupt user data – e.g., financial information ● Attack can install backdoors – e.g., modify ACLs, install Google apps scripts

  12. Limited recovery tools ● Backup-and-restore tools ● Attack may be detected days or weeks later ● Restoring from backup discards all users' changes ● Manual recovery ● Admin spends days or weeks tracking attack's effects ● Admin could miss a subtle backdoor or corruption

  13. Contributions ● Warp: web application intrusion recovery ● Undoes effects of attack but keeps legitimate changes ● Works for real applications: MediaWiki, Drupal, Gallery2 ● Key ideas: ● Retroactive patching eliminates need to pinpoint attack ● Time-travel DB precisely tracks causal effects ● DOM-level replay preserves users' intended changes

  14. High-level approach: rollback and re-execute ● Normal execution ● Record actions in system to a log ● Record causal dependencies between actions ● Record checkpoints system state ● Repair ● Identify attack action ● Rollback affected system state to before attack ● Replay all affected actions except attack action

  15. Normal execution Time Eve's browser Eve's Req Wiki pages table ID Text 5 <script>...</script> ID Text 5 Welcome!! Dependencies Dependencies Alice's Req Alice's Warp logs browser Warp state … … Wiki Server

  16. Normal execution Time Eve's browser Eve's Req Wiki pages table ID Text Log HTTP requests 5 <script>...</script> Log database ID Text queries 5 Welcome!! Server actions Server Server actions Dependencies Dependencies Alice's Req Alice's Warp logs browser Warp state … … Wiki Server

  17. Normal execution Time Eve's browser Eve's Req Wiki pages table ID Text ID Text 5 Welcome!! Maintain 5 <script>...</script> ID Text checkpoints Checkpoints of database 5 Welcome!! Server actions Server actions Server Server Server actions Server actions Dependencies Dependencies Dependencies Dependencies Alice's Req Alice's Warp logs Warp logs browser Warp state Warp state … … Wiki Server

  18. Normal execution Time Eve's browser Eve's Req Wiki pages table ID Text ID Text Record 5 Welcome!! 5 <script>...</script> user actions ID Text using a browser Checkpoints 5 Welcome!! extension Server actions Server Server actions Dependencies Dependencies Alice's Req Alice's Client actions Client actions Warp logs browser Warp state … … Wiki Server Client actions

  19. Strawman repair Time Eve's browser Eve's Req Wiki pages table ID Text ID Text 5 Welcome!! 5 <script>...</script> ID Text Checkpoints 5 Welcome!! Server actions Server Server actions Dependencies Dependencies Alice's Req Alice's Warp client log Client actions Client actions Warp logs browser Warp state … … Wiki Server

  20. Repair: identify attack Time Eve's browser Eve's Req Wiki pages table ID Text ID Text Attack action 5 Welcome!! 5 <script>...</script> ID Text Checkpoints 5 Welcome!! Server actions Dependencies Alice's Req Alice's Client actions browser Warp state … … Wiki Server

  21. Repair: rollback to before attack Time Eve's browser Eve's Req Wiki pages table ID Text Rollback DB 5 Welcome!! ID Text Checkpoints 5 Welcome!! Server actions Server Server actions Dependencies Dependencies Alice's Req Alice's Warp client log Client actions Client actions Warp logs browser Warp state … … Wiki Server

  22. Repair: skip attack action X Time Eve's X browser X Eve's Req X Wiki pages table ID Text 5 Welcome!! ID Text Checkpoints 5 Welcome!! Server actions Server Server actions Dependencies Dependencies Alice's Req Alice's Warp client log Client actions Client actions Warp logs browser Warp state … … Wiki Server

  23. Repair: re-execute subsequent actions X Time Eve's X browser X Eve's Req X Wiki pages table ID Text Re-execute Alice's actions in 5 Welcome!! shadow browser Checkpoints Server actions Server Server actions Dependencies Dependencies Alice's Req Alice's Warp client log Client actions Client actions Warp logs browser Warp state … … Wiki Server Warp client log Client actions

  24. Repair: re-execute subsequent actions X Time Eve's X browser X Eve's Req X Wiki pages table ID Text 5 Welcome!! New response: Welcome!! Checkpoints Server actions Server Server actions Dependencies Dependencies Alice's Req Alice's Warp client log Client actions Client actions Warp logs browser Warp state … … Wiki Server Warp client log Client actions No attack code

  25. Repair: re-execute subsequent actions X Time Eve's X browser X Eve's Req X Wiki pages table ID Text 5 Welcome!! Checkpoints Server actions Server Server actions Preserve Dependencies Dependencies Alice's Req legitimate requests Alice's Warp client log Client actions Client actions Warp state browser Warp state X … … Wiki Server Client actions Skip attack requests

  26. Challenges to intrusion recovery X Time Eve's X browser Wiki pages table ID Text ID Text 5 Welcome!! 5 Welcome!! Alice's browser X Wiki Server

  27. Challenges to intrusion recovery X Time Eve's Must pinpoint X browser intrusion in a complex app Wiki pages table ID Text ID Text 5 Welcome!! 5 Welcome!! Alice's browser X Wiki Server

  28. Challenges to intrusion recovery X Time Eve's Must pinpoint X browser intrusion in a complex app Bob's Wiki pages table Must reduce browser unnecessary ID Text ID Text re-execution 5 Welcome!! 5 Welcome!! Alice's browser X Wiki Server

  29. Challenges to intrusion recovery X Time Eve's Must pinpoint X browser intrusion in a complex app Bob's Wiki pages table Must reduce browser unnecessary ID Text ID Text re-execution 5 Welcome!! 5 Welcome!! Alice's Must reduce browser X user involvement during repair Wiki Server

  30. Challenge 1: intrusion detection is difficult Time Eve's browser Need expert Wiki pages table to pinpoint attack ID Text ID ID Text Text 5 Welcome!! 5 5 Welcome!! <script>...</script> Alice's browser Wiki Server

  31. Idea: retroactive patching ● Key observation: patch renders attacks harmless ● Approach: ● Retroactively apply security patches back in time ● Re-execute all affected requests

  32. Retroactive patching Time Eve's browser Eve's Req Wiki pages table ID Text ID Text 5 Welcome!! 5 <script>...</script> ID Text 5 Welcome!! Alice's Req Alice's browser … … Wiki Server

  33. Retroactive patching: normal execution Time Eve's main.php browser Eve's Req Wiki pages table ID Text ID Text 5 Welcome!! 5 <script>...</script> ID Text 5 Welcome!! Alice's Req Alice's browser … … Wiki Server

  34. Retroactive patching: repair Time Eve's main.php browser Eve's Req Wiki pages table ID Text ID Text 5 Welcome!! 5 <script>...</script> ID Text 5 Welcome!! Alice's Req Alice's browser … … Wiki Server

Recommend

Static Checking of Dynamically-Varying Security Policies in Database-Backed Applications Adam

Static Checking of Dynamically-Varying Security Policies in Database-Backed Applications Adam

Static Checking of Dynamically-Varying Security Policies in Database-Backed Applications Adam Chlipala OSDI 2010 Beyond Code Injection 1.Injection An application includes an Dependent on application-specific unintended run-time program

595 views • 20 slides
21 Database Recovery Intro to Database Systems Andy Pavlo AP AP 15-445/15-645 Computer

21 Database Recovery Intro to Database Systems Andy Pavlo AP AP 15-445/15-645 Computer

21 Database Recovery Intro to Database Systems Andy Pavlo AP AP 15-445/15-645 Computer Science Carnegie Mellon University Fall 2019 2 CRASH RECOVERY Recovery algorithms are techniques to ensure database consistency, transaction

4.72k views • 44 slides
Database Recovery Lecture # 21 Database Systems Andy Pavlo AP AP Computer Science

Database Recovery Lecture # 21 Database Systems Andy Pavlo AP AP Computer Science

Database Recovery Lecture # 21 Database Systems Andy Pavlo AP AP Computer Science 15-445/15-645 Carnegie Mellon Univ. Fall 2018 2 CRASH RECOVERY Recovery algorithms are techniques to ensure database consistency, transaction atomicity,

970 views • 73 slides
ADVANCED DATABASE SYSTEMS Recovery Protocols @ Andy_Pavlo // 15- 721 // Spring 2019 CMU

ADVANCED DATABASE SYSTEMS Recovery Protocols @ Andy_Pavlo // 15- 721 // Spring 2019 CMU

Lect ure # 12 ADVANCED DATABASE SYSTEMS Recovery Protocols @ Andy_Pavlo // 15- 721 // Spring 2019 CMU 15-721 (Spring 2019) 2 DATABASE RECOVERY Recovery algorithms are techniques to ensure database consistency , atomicity and durability

1.05k views • 50 slides
Course Content Database Management Systems Introduction Database Design Theory

Course Content Database Management Systems Introduction Database Design Theory

Course Content Database Management Systems Introduction Database Design Theory Query Processing and Optimisation Winter 2003 Concurrency Control Data Base Recovery and Security CMPUT 391: Database Recovery and Security

274 views • 12 slides
Microfabricated GC for Sub-ppb v Determinations of TCE in Vapor Intrusion Applications Jim

Microfabricated GC for Sub-ppb v Determinations of TCE in Vapor Intrusion Applications Jim

Microfabricated GC for Sub-ppb v Determinations of TCE in Vapor Intrusion Applications Jim Reisinger 1 , Hungwei Chang 2 , Sun Kyu Kim 2 , Thitiporn Sukaew 2 , Edward Zellers 2 and David Burris 1 1 Integrated Science &amp; Technology, Inc. 2

494 views • 22 slides
RECOVERY CHAPTER 21,23 (6/E) CHAPTER 17,19 (5/E) LECTURE OUTLINE Failures

RECOVERY CHAPTER 21,23 (6/E) CHAPTER 17,19 (5/E) LECTURE OUTLINE Failures

RECOVERY CHAPTER 21,23 (6/E) CHAPTER 17,19 (5/E) LECTURE OUTLINE Failures Recoverable schedules Transaction logs Recovery procedure 2 PURPOSE OF DATABASE RECOVERY To bring the database into the most recent consistent

481 views • 14 slides
Detecting and Surviving Intrusions Exploring New Host-Based Intrusion Detection, Recovery, and

Detecting and Surviving Intrusions Exploring New Host-Based Intrusion Detection, Recovery, and

Detecting and Surviving Intrusions Exploring New Host-Based Intrusion Detection, Recovery, and Response Approaches Ph.D. Thesis Defense December 17th, 2019 1 HP Labs (ronny.chevalier@hp.com) 2 CIDRE Team, CentraleSuplec/Inria/CNRS/IRISA

1.66k views • 140 slides
Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems

Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems

Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems ACSAC, December 13th, 2019 1 HP Labs, United Kingdom (ronny.chevalier@hp.com, david.plaquin@hp.com, cid@hp.com) 2 CIDRE Team,

820 views • 56 slides
Carnegie Mellon Univ. Dept. of Computer Science 15-415 - Database Applications Lecture #24:

Carnegie Mellon Univ. Dept. of Computer Science 15-415 - Database Applications Lecture #24:

Faloutsos CMU SCS 15-415 CMU SCS Carnegie Mellon Univ. Dept. of Computer Science 15-415 - Database Applications Lecture #24: Crash Recovery - part 1 (R&amp;G, ch. 18) CMU SCS General Overview Preliminaries Write-Ahead Log - main ideas

340 views • 19 slides
Asynchronous intrusion recovery for interconnected web services Ramesh Chandra, Taesoo Kim ,

Asynchronous intrusion recovery for interconnected web services Ramesh Chandra, Taesoo Kim ,

Asynchronous intrusion recovery for interconnected web services Ramesh Chandra, Taesoo Kim , Nickolai Zeldovich MIT CSAIL Today's web services are highly interconnected Many web services provide APIs to other sites Many websites

1.17k views • 82 slides
Designing Database Applications Walid G. Aref Roadmap for Designing Database Applications 1.

Designing Database Applications Walid G. Aref Roadmap for Designing Database Applications 1.

Designing Database Applications Walid G. Aref Roadmap for Designing Database Applications 1. Analyzing real-world applications Real-world application side: Domain experts To tell their story What they need DBMS side: System

584 views • 46 slides
5. Technology Applications 5.1 What is a Database? 5.2 Types of Databases 5.3 Choosing the

5. Technology Applications 5.1 What is a Database? 5.2 Types of Databases 5.3 Choosing the

5. Technology Applications 5.1 What is a Database? 5.2 Types of Databases 5.3 Choosing the Right Database 5.4 Database Programming Tools 5.5 How to Search Your Database 5.6 Data Warehousing and Mining 5.7 Enterprise-Wide Data Systems

1.14k views • 88 slides
Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and

Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and

Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and Challenges Challenges Mission critical information = High value target Threatens Government organizations and large corporations

435 views • 39 slides
Towards Regression Testing for Database Applications Gregory M. Kapfhammer Department of

Towards Regression Testing for Database Applications Gregory M. Kapfhammer Department of

Introduction to Database Applications Database-Aware Test Coverage Monitoring Regression Testing Experimental Study Future Work and Conclusions Towards Regression Testing for Database Applications Gregory M. Kapfhammer Department of

475 views • 23 slides
Intrusion Detection and Prevention System (IPS) Technology, Applications, and Trend Dr.

Intrusion Detection and Prevention System (IPS) Technology, Applications, and Trend Dr.

Intrusion Detection and Prevention System (IPS) Technology, Applications, and Trend Dr. Nen-Fu (Fred) Huang Professor, Department of Computer Science, National Tsing Hua University, Taiwan President, Broadweb Corp, Taiwan E-mail:

846 views • 41 slides
Nonconformist Resilience: Database-backed Job Queues John Mileham | @jmileham User Signup

Nonconformist Resilience: Database-backed Job Queues John Mileham | @jmileham User Signup

Nonconformist Resilience: Database-backed Job Queues John Mileham | @jmileham User Signup with Email Confirmation User Signup with Email Confirmation A feature so easy were still fighting about how to do it in 2017 Requirements:

1.05k views • 76 slides
Recovery Methods 5DV120 Database System Principles Ume a University Department of

Recovery Methods 5DV120 Database System Principles Ume a University Department of

Recovery Methods 5DV120 Database System Principles Ume a University Department of Computing Science Stephen J. Hegner hegner@cs.umu.se http://www.cs.umu.se/~hegner Recovery Methods 20160814 Slide 1 of 42 The Issue of Recovery in the

660 views • 42 slides
Recovery Methods 5DV120 Database System Principles Ume a University Department of

Recovery Methods 5DV120 Database System Principles Ume a University Department of

Recovery Methods 5DV120 Database System Principles Ume a University Department of Computing Science Stephen J. Hegner hegner@cs.umu.se http://www.cs.umu.se/~hegner Recovery Methods 20130526 Slide 1 of 33 The Issue of Recovery in the

483 views • 33 slides
Database Applications JDBC SQL Injection Course Objectives Design Construction Applications

Database Applications JDBC SQL Injection Course Objectives Design Construction Applications

Database Applications JDBC SQL Injection Course Objectives Design Construction Applications Usage JDBC JDBC = Java DataBase Connectivity JDBC is Javas call-level interface to SQL DBMSs. A library with operations that

444 views • 30 slides
Modern techniques for transaction- oriented database recovery Caetano Sauer My pleas 1.Demand

Modern techniques for transaction- oriented database recovery Caetano Sauer My pleas 1.Demand

Modern techniques for transaction- oriented database recovery Caetano Sauer My pleas 1.Demand on-demand recovery 2.Make the log great again Demand on-demand recovery ARIES Recovery info B A B A Transactions Pages requiring requiring

934 views • 23 slides
The Database as a Value Rich Hickey What is Datomic? A functional database A sound model

The Database as a Value Rich Hickey What is Datomic? A functional database A sound model

The Database as a Value Rich Hickey What is Datomic? A functional database A sound model of information, with time Provides database as a value to applications Bring declarative programming to applications Focus on reducing

688 views • 51 slides
Automatic intrusion recovery with system-wide history Taesoo Kim MIT CSAIL Current focus of

Automatic intrusion recovery with system-wide history Taesoo Kim MIT CSAIL Current focus of

Automatic intrusion recovery with system-wide history Taesoo Kim MIT CSAIL Current focus of system security: preventing attacks System hardening tools/techniques (e.g.,) Firewall, AntiVirus 2 My work on preventing attacks

1.76k views • 116 slides
Graphs All The Way Down Building A GraphQL API Backed By A Graph Database William Lyon @lyonwj

Graphs All The Way Down Building A GraphQL API Backed By A Graph Database William Lyon @lyonwj

Graphs All The Way Down Building A GraphQL API Backed By A Graph Database William Lyon @lyonwj lyonwj.com William Lyon Developer Relations Engineer @neo4j will@neo4j.com @lyonwj lyonwj.com Agenda Graph databases - Neo4j Intro to

724 views • 48 slides

More recommend