The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web

Cheng Tan, Lingfan Yu, Joshua B. Leners, Michael Walfish

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

You put a program on a concurrent server, but you don’t trust the server; later, you get a trace of the actual requests that the server received from its clients and the responses that it delivered. You separately get logs from the server; these are untrusted. How can you use the logs to efficiently verify that the responses were derived from running the program on the requests? This is the Efficient Server Audit Problem, which abstracts real-world scenarios, including running a web application on an untrusted provider. We give a solution based on several new techniques, including simultaneous replay and efficient verification of concurrent executions. We implement the solution for PHP web applications. For several applications, our verifier achieves 5.6–10.9× speedup versus simply re-executing, with <10% overhead for the server.

Original languageEnglish (US)
Title of host publicationSOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles
PublisherAssociation for Computing Machinery, Inc
Pages546-564
Number of pages19
ISBN (Electronic)9781450350853
DOIs
StatePublished - Oct 14 2017
Event26th ACM Symposium on Operating Systems Principles, SOSP 2017 - Shanghai, China
Duration: Oct 28 2017Oct 31 2017

Other

Other26th ACM Symposium on Operating Systems Principles, SOSP 2017
CountryChina
CityShanghai
Period10/28/1710/31/17

Fingerprint

Servers

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Computer Science Applications
  • Software

Cite this

Tan, C., Yu, L., Leners, J. B., & Walfish, M. (2017). The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web. In SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles (pp. 546-564). Association for Computing Machinery, Inc. https://doi.org/10.1145/3132747.3132760

The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web. / Tan, Cheng; Yu, Lingfan; Leners, Joshua B.; Walfish, Michael.

SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles. Association for Computing Machinery, Inc, 2017. p. 546-564.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Tan, C, Yu, L, Leners, JB & Walfish, M 2017, The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web. in SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles. Association for Computing Machinery, Inc, pp. 546-564, 26th ACM Symposium on Operating Systems Principles, SOSP 2017, Shanghai, China, 10/28/17. https://doi.org/10.1145/3132747.3132760
Tan C, Yu L, Leners JB, Walfish M. The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web. In SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles. Association for Computing Machinery, Inc. 2017. p. 546-564 https://doi.org/10.1145/3132747.3132760
Tan, Cheng ; Yu, Lingfan ; Leners, Joshua B. ; Walfish, Michael. / The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web. SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles. Association for Computing Machinery, Inc, 2017. pp. 546-564
@inproceedings{e1e09845d08c43148839eb5c7c5766ef,
title = "The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web",
abstract = "You put a program on a concurrent server, but you don’t trust the server; later, you get a trace of the actual requests that the server received from its clients and the responses that it delivered. You separately get logs from the server; these are untrusted. How can you use the logs to efficiently verify that the responses were derived from running the program on the requests? This is the Efficient Server Audit Problem, which abstracts real-world scenarios, including running a web application on an untrusted provider. We give a solution based on several new techniques, including simultaneous replay and efficient verification of concurrent executions. We implement the solution for PHP web applications. For several applications, our verifier achieves 5.6–10.9× speedup versus simply re-executing, with <10{\%} overhead for the server.",
author = "Cheng Tan and Lingfan Yu and Leners, {Joshua B.} and Michael Walfish",
year = "2017",
month = "10",
day = "14",
doi = "10.1145/3132747.3132760",
language = "English (US)",
pages = "546--564",
booktitle = "SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles",
publisher = "Association for Computing Machinery, Inc",

}

TY - GEN

T1 - The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web

AU - Tan, Cheng

AU - Yu, Lingfan

AU - Leners, Joshua B.

AU - Walfish, Michael

PY - 2017/10/14

Y1 - 2017/10/14

N2 - You put a program on a concurrent server, but you don’t trust the server; later, you get a trace of the actual requests that the server received from its clients and the responses that it delivered. You separately get logs from the server; these are untrusted. How can you use the logs to efficiently verify that the responses were derived from running the program on the requests? This is the Efficient Server Audit Problem, which abstracts real-world scenarios, including running a web application on an untrusted provider. We give a solution based on several new techniques, including simultaneous replay and efficient verification of concurrent executions. We implement the solution for PHP web applications. For several applications, our verifier achieves 5.6–10.9× speedup versus simply re-executing, with <10% overhead for the server.

AB - You put a program on a concurrent server, but you don’t trust the server; later, you get a trace of the actual requests that the server received from its clients and the responses that it delivered. You separately get logs from the server; these are untrusted. How can you use the logs to efficiently verify that the responses were derived from running the program on the requests? This is the Efficient Server Audit Problem, which abstracts real-world scenarios, including running a web application on an untrusted provider. We give a solution based on several new techniques, including simultaneous replay and efficient verification of concurrent executions. We implement the solution for PHP web applications. For several applications, our verifier achieves 5.6–10.9× speedup versus simply re-executing, with <10% overhead for the server.

UR - http://www.scopus.com/inward/record.url?scp=85041645850&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85041645850&partnerID=8YFLogxK

U2 - 10.1145/3132747.3132760

DO - 10.1145/3132747.3132760

M3 - Conference contribution

SP - 546

EP - 564

BT - SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles

PB - Association for Computing Machinery, Inc

ER -