Ripley: Automatically Securing Distributed Web Applications Through Replicated Execution

Rich Internet applications are becoming increasingly distributed, as demonstrated by the popularity of AJAX or Web 2.0 applications such as Hotmail, Google Maps, Facebook, and many others. A typical multi-tier (asynchronous JavaScript and XML) AJAX application consists of a server component implemented in Java J2EE or .NET and a client-side component executing in JavaScript. The resulting application is more performant and responsive, because computation is moved closer to the client, thus avoiding unnecessary network round trips. However, once a portion of the code is moved to the client, a malicious user can easily subvert the client side of the computation. In this paper we propose Ripley, a system that uses replicated execution to automatically preserve the integrity of a distributed computation. Ripley replicates a copy of the client-side computation on the trusted server tier. Every client-side event is transferred to the replica of the client for execution. Ripley observes results of the computation, both as computed on the client-side and on the server side using the replica of the client-side code. Any discrepancy is flagged as a potential violation of computational integrity. We demonstrate that Ripley is able to secure six representative AJAX benchmarks with minimal performance overhead.