Konferenzpaper

Erschienen in: CODASPY '20: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy

Herausgeberliste: Roussev, Vassil

Jahr der Veröffentlichung: 2020

Seiten: 49-60

eISBN: 978-1-4503-7107-0

DOI Link: https://doi.org/10.1145/3374664.3375750

Konferenz: 10th ACM Conference on Data and Application Security and Privacy (CODASPY '20)

Abstract: 

Scalability and security are two important elements of contemporary distributed software systems. The Web vividly shows that while complying with the constraints defined by the architectural style REST, the layered design of software with intermediate systems enables to scale at large. Intermediaries such as caches, however, interfere with the security guarantees of the industry standard for protecting data in transit on the Web, TLS, as in these circumstances the TLS channel already terminates at the intermediate system's server. For more in-depth defense strategies, service providers require message-oriented security means in addition to TLS. These are hardly available and only in the form of HTTP signature schemes that do not take caches into account either. In this paper we introduce CREHMA, a REST-ful HTTP message signature scheme that guarantees the integrity and authenticity of Web assets from end-to-end while simultaneous allowing service providers to enjoy the benefits of Web caches. Decisively, CREHMA achieves these guarantees without having to trust on the integrity of the cache and without requiring making changes to existing Web caching systems. In extensive experiments we evaluated CREHMA and found that it only introduces marginal impacts on metrics such as latency and data expansion while providing integrity protection from end to end. CREHMA thus extends the possibilities of service providers to achieve an appropriate balance between scalability and security.

Harvard-Zitierstil: Nguyen, H. and Lo Iacono, L. (2020) CREHMA: Cache-aware REST-ful HTTP Message Authentication, in Roussev, V. (ed.) CODASPY '20: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy. New York, NY: Association for Computing Machinery. pp. 49-60. https://doi.org/10.1145/3374664.3375750

APA-Zitierstil: Nguyen, H., & Lo Iacono, L. (2020). CREHMA: Cache-aware REST-ful HTTP Message Authentication. In Roussev, V. (Ed.), CODASPY '20: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy. (pp. 49-60). Association for Computing Machinery. https://doi.org/10.1145/3374664.3375750