Title :
A low-cost runtime-privilege changing system for shared servers
Author :
Hara, Daisuke ; Nakayama, Yasuichi
Author_Institution :
Dept. of Comput. Sci., Univ. of Electro-Commun., Tokyo, Japan
Abstract :
We propose a low-cost runtime-privilege changing system that solves security problems in shared servers. The main problem with a shared server operating under conventional access control, i.e., an owner/group/other in combination with a Web server that runs under the privilege of the same user is that malicious users potentially can steal, delete, or tamper with other user´s files. Existing approaches solve a portion of this problem, but they either lack performance, site-number scalability, or generality. POSIX ACL and a secure OS do not ensure security by themselves. Containers and virtual machines (VMs) have low scalability and low generality because they have the overhead of virtualization and because they typically require modifying the kernel. We implemented our system for an Apache on a Linux OS and evaluated its effectiveness. Our experimental results show that the throughput with it was, on average, 0.5% lower than that with Apache and was a maximum of 4.7% lower. Our system should be used for practical Web servers because its overhead is very low.
Keywords :
Linux; Web services; authorisation; file servers; Apache system; Linux operating system; Web servers; access control; malicious users; runtime-privilege changing system; server security problems; shared servers; Access control; Containers; File servers; Kernel; Linux; Scalability; Throughput; Virtual machining; Voice mail; Web server; Runtime Privilege; Security in a Server; Shared Hosting Service; Site-number Scalability; Web Server System;
Conference_Titel :
Advanced Communication Technology (ICACT), 2010 The 12th International Conference on
Conference_Location :
Phoenix Park
Print_ISBN :
978-1-4244-5427-3
