Efficient Auditing of Event-driven Web Applications

Ioanna Tzialla; Jeffery Wang; Jingyi Zhu; Aurojit Panda; Michael Walfish

doi:10.1145/3627703.3650089

Efficient Auditing of Event-driven Web Applications

Ioanna Tzialla, Jeffery Wang, Jingyi Zhu, Aurojit Panda, Michael Walfish

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

When a deployer of a web application puts that application on a server (on-prem or cloud), how can they be sure that the application is executing as intended? This paper studies how the deployer can efficiently check that the execution is faithful. We seek mechanisms that: (i) work with web applications that are built with modern event-driven web frameworks, (ii) impose tolerable computation and communication overheads on the web server, and (iii) are complete and sound. We exhibit such a mechanism, based on a new record-replay algorithm. We have implemented our algorithm in Karousos, a system that audits Node.js web applications.

Original language	English (US)
Title of host publication	EuroSys 2024 - Proceedings of the 2024 European Conference on Computer Systems
Publisher	Association for Computing Machinery, Inc
Pages	1208-1224
Number of pages	17
ISBN (Electronic)	9798400704376
DOIs	https://doi.org/10.1145/3627703.3650089
State	Published - Apr 22 2024
Event	19th European Conference on Computer Systems, EuroSys 2024 - Athens, Greece Duration: Apr 22 2024 → Apr 25 2024

Publication series

Name	EuroSys 2024 - Proceedings of the 2024 European Conference on Computer Systems

Conference

Conference	19th European Conference on Computer Systems, EuroSys 2024
Country/Territory	Greece
City	Athens
Period	4/22/24 → 4/25/24

Keywords

Execution Integrity
JavaScript
Web applications

ASJC Scopus subject areas

Computer Networks and Communications
Control and Systems Engineering
Hardware and Architecture

Access to Document

10.1145/3627703.3650089

Cite this

Tzialla, I., Wang, J., Zhu, J., Panda, A., & Walfish, M. (2024). Efficient Auditing of Event-driven Web Applications. In EuroSys 2024 - Proceedings of the 2024 European Conference on Computer Systems (pp. 1208-1224). (EuroSys 2024 - Proceedings of the 2024 European Conference on Computer Systems). Association for Computing Machinery, Inc. https://doi.org/10.1145/3627703.3650089

Efficient Auditing of Event-driven Web Applications. / Tzialla, Ioanna; Wang, Jeffery; Zhu, Jingyi et al.
EuroSys 2024 - Proceedings of the 2024 European Conference on Computer Systems. Association for Computing Machinery, Inc, 2024. p. 1208-1224 (EuroSys 2024 - Proceedings of the 2024 European Conference on Computer Systems).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Tzialla, I, Wang, J, Zhu, J, Panda, A & Walfish, M 2024, Efficient Auditing of Event-driven Web Applications. in EuroSys 2024 - Proceedings of the 2024 European Conference on Computer Systems. EuroSys 2024 - Proceedings of the 2024 European Conference on Computer Systems, Association for Computing Machinery, Inc, pp. 1208-1224, 19th European Conference on Computer Systems, EuroSys 2024, Athens, Greece, 4/22/24. https://doi.org/10.1145/3627703.3650089

@inproceedings{c02dcf845f1f498d9f15b7d9a507d27e,

title = "Efficient Auditing of Event-driven Web Applications",

abstract = "When a deployer of a web application puts that application on a server (on-prem or cloud), how can they be sure that the application is executing as intended? This paper studies how the deployer can efficiently check that the execution is faithful. We seek mechanisms that: (i) work with web applications that are built with modern event-driven web frameworks, (ii) impose tolerable computation and communication overheads on the web server, and (iii) are complete and sound. We exhibit such a mechanism, based on a new record-replay algorithm. We have implemented our algorithm in Karousos, a system that audits Node.js web applications.",

keywords = "Execution Integrity, JavaScript, Web applications",

author = "Ioanna Tzialla and Jeffery Wang and Jingyi Zhu and Aurojit Panda and Michael Walfish",

note = "Publisher Copyright: {\textcopyright} 2024 ACM.; 19th European Conference on Computer Systems, EuroSys 2024 ; Conference date: 22-04-2024 Through 25-04-2024",

year = "2024",

month = apr,

day = "22",

doi = "10.1145/3627703.3650089",

language = "English (US)",

series = "EuroSys 2024 - Proceedings of the 2024 European Conference on Computer Systems",

publisher = "Association for Computing Machinery, Inc",

pages = "1208--1224",

booktitle = "EuroSys 2024 - Proceedings of the 2024 European Conference on Computer Systems",

}

TY - GEN

T1 - Efficient Auditing of Event-driven Web Applications

AU - Tzialla, Ioanna

AU - Wang, Jeffery

AU - Zhu, Jingyi

AU - Panda, Aurojit

AU - Walfish, Michael

PY - 2024/4/22

Y1 - 2024/4/22

N2 - When a deployer of a web application puts that application on a server (on-prem or cloud), how can they be sure that the application is executing as intended? This paper studies how the deployer can efficiently check that the execution is faithful. We seek mechanisms that: (i) work with web applications that are built with modern event-driven web frameworks, (ii) impose tolerable computation and communication overheads on the web server, and (iii) are complete and sound. We exhibit such a mechanism, based on a new record-replay algorithm. We have implemented our algorithm in Karousos, a system that audits Node.js web applications.

AB - When a deployer of a web application puts that application on a server (on-prem or cloud), how can they be sure that the application is executing as intended? This paper studies how the deployer can efficiently check that the execution is faithful. We seek mechanisms that: (i) work with web applications that are built with modern event-driven web frameworks, (ii) impose tolerable computation and communication overheads on the web server, and (iii) are complete and sound. We exhibit such a mechanism, based on a new record-replay algorithm. We have implemented our algorithm in Karousos, a system that audits Node.js web applications.

KW - Execution Integrity

KW - JavaScript

KW - Web applications

UR - http://www.scopus.com/inward/record.url?scp=85191994320&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85191994320&partnerID=8YFLogxK

U2 - 10.1145/3627703.3650089

DO - 10.1145/3627703.3650089

M3 - Conference contribution

AN - SCOPUS:85191994320

T3 - EuroSys 2024 - Proceedings of the 2024 European Conference on Computer Systems

SP - 1208

EP - 1224

BT - EuroSys 2024 - Proceedings of the 2024 European Conference on Computer Systems

PB - Association for Computing Machinery, Inc

T2 - 19th European Conference on Computer Systems, EuroSys 2024

Y2 - 22 April 2024 through 25 April 2024

ER -

Efficient Auditing of Event-driven Web Applications

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this