Ripley and ConScript

Problem:

Rich Internet applications are becoming increasingly distributed, as demonstrated by the popularity of AJAX or Web 2.0 applications such as Hotmail, Google Maps, Facebook, and many others. A typical multi-tier AJAX (asynchronous JavaScript and XML) application consists of a server component implemented in Java J2EE or ASP.NET and a client-side component executing in JavaScript. The resulting application is more performant and responsive because computation is moved closer to the client, and thus avoids unnecessary network round trips for frequent user actions.

However, once a portion of the code is moved to the client, a malicious user can easily subvert the client side of the computation and potentially jeopardize sensitive server state, as shown below. The client can easily tamper with the data and manipulate the code residing on the client.

 

Solution:

We propose Ripley, a system that uses replicated execution to automatically preserve the integrity of a distributed computation. Ripley replicates a copy of the client-side computation on the trusted server tier. Every client-side event is transferred to the replica of the client for execution.

Ripley observes results of the computation, both as computed on the client-side and on the server side using the replica of the client-side code. Any discrepancy is flagged as a potential violation of computational integrity. We demonstrate that Ripley is able to reliably secure five complex and representative AJAX applications with minimal performance overhead. An architectural diagram of Ripley is shown in the figure below.

[big picture]

Ripley is built on top of Live Labs Volta, a distributing compiler for building AJAX applications.
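The replicated-execution check described under Solution, as an added sketch that is not Ripley's or Volta's own code: the server replays the client's event stream on its own copy of the client logic and accepts the client's RPCs only if they match. All names (`makeClient`, `verifySession`, the price catalogue, the sessions) are hypothetical and constructed, and the client logic is assumed to be deterministic.

```javascript
// Added illustration; every name here is hypothetical, not Ripley's or Volta's API.
const PRICES = new Map([["book", 12], ["pen", 3]]); // constructed catalogue

// Client-tier logic. The browser runs one instance; the server runs a replica.
function makeClient() {
  const cart = new Map();
  return function handle(event) {
    if (event.type === "add") {
      // Client-side validation: a tampered client can skip it, the replica cannot.
      const valid = PRICES.has(event.item) && Number.isInteger(event.qty) && event.qty > 0;
      if (valid) cart.set(event.item, (cart.get(event.item) || 0) + event.qty);
      return null;
    }
    if (event.type === "checkout") {
      let total = 0;
      for (const [item, qty] of cart) total += PRICES.get(item) * qty;
      return { method: "charge", total }; // RPC destined for the server tier
    }
    return null;
  };
}

// Key-order-independent form of a flat RPC object, used for comparison.
const canon = (rpc) => JSON.stringify(rpc, Object.keys(rpc).sort());

// Server tier: replay the client's events on the replica and accept the
// client's RPCs only if the replica produced exactly the same ones.
function verifySession(events, clientRpcs) {
  const replica = makeClient();
  const expected = events.map((e) => replica(e)).filter((rpc) => rpc !== null);
  if (expected.length !== clientRpcs.length) return { ok: false, reason: "rpc count" };
  for (let i = 0; i < expected.length; i++) {
    if (canon(expected[i]) !== canon(clientRpcs[i])) {
      return { ok: false, reason: "rpc mismatch", expected: expected[i], got: clientRpcs[i] };
    }
  }
  return { ok: true, rpcs: expected }; // the server acts on its replica's output
}

// Constructed sessions: one honest, two from a subverted client.
const events = [{ type: "add", item: "book", qty: 2 }, { type: "add", item: "pen", qty: 1 }, { type: "checkout" }];
const honest = verifySession(events, [{ total: 27, method: "charge" }]);
const forgedTotal = verifySession(events, [{ method: "charge", total: 1 }]);
const skippedCheck = verifySession(
  [{ type: "add", item: "book", qty: 2 }, { type: "add", item: "book", qty: -1 }, { type: "checkout" }],
  [{ method: "charge", total: 12 }]);
console.log(honest.ok, forgedTotal.ok, skippedCheck.expected);
```

In the third session the subverted client skipped the quantity check, so its claimed total diverges from the replica's and the discrepancy is flagged.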

Publications

People

Main contact

Interns

  • K. Vikram (Cornell), 2008
  • Abhishek Prateek (IIT Delhi), 2008