The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web

Cheng Tan; Lingfan Yu; Joshua B. Leners; Michael Walfish

doi:10.1145/3132747.3132760

The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web

Cheng Tan, Lingfan Yu, Joshua B. Leners, Michael Walfish

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

You put a program on a concurrent server, but you don’t trust the server; later, you get a trace of the actual requests that the server received from its clients and the responses that it delivered. You separately get logs from the server; these are untrusted. How can you use the logs to efficiently verify that the responses were derived from running the program on the requests? This is the Efficient Server Audit Problem, which abstracts real-world scenarios, including running a web application on an untrusted provider. We give a solution based on several new techniques, including simultaneous replay and efficient verification of concurrent executions. We implement the solution for PHP web applications. For several applications, our verifier achieves 5.6–10.9× speedup versus simply re-executing, with <10% overhead for the server.

Original language	English (US)
Title of host publication	SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles
Publisher	Association for Computing Machinery, Inc
Pages	546-564
Number of pages	19
ISBN (Electronic)	9781450350853
DOIs	https://doi.org/10.1145/3132747.3132760
State	Published - Oct 14 2017
Event	26th ACM Symposium on Operating Systems Principles, SOSP 2017 - Shanghai, China Duration: Oct 28 2017 → Oct 31 2017

Publication series

Name	SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles

Other

Other	26th ACM Symposium on Operating Systems Principles, SOSP 2017
Country/Territory	China
City	Shanghai
Period	10/28/17 → 10/31/17

ASJC Scopus subject areas

Computational Theory and Mathematics
Computer Science Applications
Software

Access to Document

10.1145/3132747.3132760

Cite this

Tan, C., Yu, L., Leners, J. B., & Walfish, M. (2017). The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web. In SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles (pp. 546-564). (SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles). Association for Computing Machinery, Inc. https://doi.org/10.1145/3132747.3132760

The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web. / Tan, Cheng; Yu, Lingfan; Leners, Joshua B. et al.

SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles. Association for Computing Machinery, Inc, 2017. p. 546-564 (SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Tan, C, Yu, L, Leners, JB & Walfish, M 2017, The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web. in SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles. SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles, Association for Computing Machinery, Inc, pp. 546-564, 26th ACM Symposium on Operating Systems Principles, SOSP 2017, Shanghai, China, 10/28/17. https://doi.org/10.1145/3132747.3132760

Tan C, Yu L, Leners JB, Walfish M. The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web. In SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles. Association for Computing Machinery, Inc. 2017. p. 546-564. (SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles). doi: 10.1145/3132747.3132760

@inproceedings{e1e09845d08c43148839eb5c7c5766ef,

title = "The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web",

abstract = "You put a program on a concurrent server, but you don{\textquoteright}t trust the server; later, you get a trace of the actual requests that the server received from its clients and the responses that it delivered. You separately get logs from the server; these are untrusted. How can you use the logs to efficiently verify that the responses were derived from running the program on the requests? This is the Efficient Server Audit Problem, which abstracts real-world scenarios, including running a web application on an untrusted provider. We give a solution based on several new techniques, including simultaneous replay and efficient verification of concurrent executions. We implement the solution for PHP web applications. For several applications, our verifier achieves 5.6–10.9× speedup versus simply re-executing, with <10% overhead for the server.",

author = "Cheng Tan and Lingfan Yu and Leners, {Joshua B.} and Michael Walfish",

note = "Publisher Copyright: 2017 Copyright held by the owner/author(s). Publication rights licensed to Association for Computing Machinery.; 26th ACM Symposium on Operating Systems Principles, SOSP 2017 ; Conference date: 28-10-2017 Through 31-10-2017",

year = "2017",

month = oct,

day = "14",

doi = "10.1145/3132747.3132760",

language = "English (US)",

series = "SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles",

publisher = "Association for Computing Machinery, Inc",

pages = "546--564",

booktitle = "SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles",

}

TY - GEN

T1 - The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web

AU - Tan, Cheng

AU - Yu, Lingfan

AU - Leners, Joshua B.

AU - Walfish, Michael

N1 - Publisher Copyright: 2017 Copyright held by the owner/author(s). Publication rights licensed to Association for Computing Machinery.

PY - 2017/10/14

Y1 - 2017/10/14

N2 - You put a program on a concurrent server, but you don’t trust the server; later, you get a trace of the actual requests that the server received from its clients and the responses that it delivered. You separately get logs from the server; these are untrusted. How can you use the logs to efficiently verify that the responses were derived from running the program on the requests? This is the Efficient Server Audit Problem, which abstracts real-world scenarios, including running a web application on an untrusted provider. We give a solution based on several new techniques, including simultaneous replay and efficient verification of concurrent executions. We implement the solution for PHP web applications. For several applications, our verifier achieves 5.6–10.9× speedup versus simply re-executing, with <10% overhead for the server.

AB - You put a program on a concurrent server, but you don’t trust the server; later, you get a trace of the actual requests that the server received from its clients and the responses that it delivered. You separately get logs from the server; these are untrusted. How can you use the logs to efficiently verify that the responses were derived from running the program on the requests? This is the Efficient Server Audit Problem, which abstracts real-world scenarios, including running a web application on an untrusted provider. We give a solution based on several new techniques, including simultaneous replay and efficient verification of concurrent executions. We implement the solution for PHP web applications. For several applications, our verifier achieves 5.6–10.9× speedup versus simply re-executing, with <10% overhead for the server.

UR - http://www.scopus.com/inward/record.url?scp=85041645850&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85041645850&partnerID=8YFLogxK

U2 - 10.1145/3132747.3132760

DO - 10.1145/3132747.3132760

M3 - Conference contribution

AN - SCOPUS:85041645850

T3 - SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles

SP - 546

EP - 564

BT - SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles

PB - Association for Computing Machinery, Inc

T2 - 26th ACM Symposium on Operating Systems Principles, SOSP 2017

Y2 - 28 October 2017 through 31 October 2017

ER -

The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this