SlideShare a Scribd company logo

Saint2012 mod process security

Ryosuke MATSUMOTO
Ryosuke MATSUMOTO

In Web hosting services, hosting systems use access controls like suEXEC on apache Web servers to separate privilege by each virtual host. However, existing access control architectures on Web servers have a problem in their low performance and are not appropriate for dynamic contents like Web API since these architectures require termination of the process after each HTTP session. The system developers are not easy to install existing access controls since these are provided by each interpreter and program execution methods conventionally. In this paper, we propose the access control architecture “mod_process_security”. In this architecture a server process creates a new thread on the server process when accepting a request. Then, the web server separates privilege by the thread and processes the contents on the thread. The server process installed “mod_process_security” executes programs faster. System developers can easily install it on web servers since we replace it with the complicated existing access controls. “mod_process_security” can be installed for Apache HTTP Server on Linux as Apache Module which is widely used.

Technology
1 of 22
Download to read offline
Access Control Architecture Separating Privilege by a Thread on a Web Server - mod_process_security - Ryosuke MATSUMOTO, Yasuo OKABE Kyoto University 2012/7/18 SAINT2012 Izmir 1
Content 1. Introduction 2. Access Control on Web Servers 3. Proposed Access Control Architecture 4. Experiment and Evaluation 5. Conclusion 2012/7/18 SAINT2012 Izmir 2
Content 1. Introduction 2. Access Control on Web Servers 3. Proposed Access Control Architecture 4. Experiment and Evaluation 5. Conclusion 2012/7/18 SAINT2012 Izmir 3
Background • Deployment of Cloud Computing – Cost: Reducing the total cost off ownership (TCO), including hardware, software and operation – Security: Confidentiality, Integrity and Availability • PaaS (Platform as a Service): Large-Scale Shared Web Hosting Service, or so-called “Virtual Hosting” – Many Web sites share a single Operating System as well as HW resource. – Separation among sites is implemented using mechanism ether in OS or in the Web server. • Discretionary Access Control (DAC) : the access control model on UNIX and Windows OS "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. …” (wikipedia) – There exist some issues both in security and performance. • Ex) suEXEC for CGI on Apache HTTP Server – CGI method: low performance Executing dynamic contents securely and fast on large-scale shared Web hosting service 2012/7/18 SAINT2012 Izmir 4
Dynamic Contents on Web Servers • CGI is low-performance • DSO (Dynamic Shared Object) is enough fast, but… CGI DSO bottleneck Server Process Server Process CGI Process Program Program A built-in Interpreter Engineers’ needs to use DSO on a shared web hosting. 2012/7/18 SAINT2012 Izmir 5
Problem in Dynamic Contents Problem in access controls – DSO • Architecture separating privilege by a server process • Serious performance degradation when securely executed – CGI • Architecture separating privilege by a CGI process each • Intrinsically low performance in creating a child process – Existing access controls are provided by the execution methods each. • CGI , DSO, or other Interpreters • Complicated and user-unfriendly settings In executing dynamic contents on a shared Web hosting service, – Use of CGI is almost mandatory for security – If using DSO, separating privilege by a daemon process or VM ⇒ Too much overhead 2012/7/18 SAINT2012 Izmir 6
Our Research “Secure and high-performance access control architecture on large-scale shared Web virtual hosting” • We propose a thread-based security mechanism, and implement as a module “mod_process_security” – Architecture separating privilege by thread • Very little performance degradation using DSO • Enough security • Independent from the program execution method, either CGI or DSO – As an module for Apache HTTP Server on Linux 2012/7/18 SAINT2012 Izmir 7
Content • Introduction • Access Control on Web Server • Proposed Access Control Architecture • Experiment and Evaluation • Conclusion 2012/7/18 SAINT2012 Izmir 8
Overview of Access Control on a Web Server • Apache HTTP Server (not using access controls) – Using VirtualHost for a huge number of hosts. – Handling all requests by the privilege of server processes. – Files can be read via programs of any other host areas. • Basic architecture of access controls – Executing dynamic contents with the privilege of the contents. – Preventing access to other virtual host area. – suEXEC, mod_suid2 or mod_ruid2 and so on… Single server process OS Web Service A × Web Service B × × Virtual Host A × Virtual Host B Setting the privilege of the contents at each host area. 2012/7/18 SAINT2012 Izmir 9
Parent Server Process CGI (owner : root) suEXEC Archtecture Child Server Process (owner : apache) fork() execve() suexec-program bottleneck CGI Process (owner : root) setuid(), setgid() execve() CGI Process (owner : user1) index.php terminate process (owner: user1) 2012/7/18 SAINT2012 Izmir 10
Parent Server Process DSO (owner : root) mod_ruid2 Architechture Set cap(Linux capability) Child Server Process (owner : apache) bottleneck Set capability setuid(), setgid() Unset cap × Child Server Process execve() (owner : user1) Set capability index.php setuid(), setgid() terminate process (owner: user1) 2012/7/18 SAINT2012 Izmir × Changing the privilege of Server Process 11
Contents • Introduction • Exsiting Access Control on Web Server • Proposed Access Control Architecture • Experiment and Evaluation • Conclusion 2012/7/18 SAINT2012 Izmir 12
Proposed Access Control Architecture - mod_process_security - 1. Reducing the bottleneck using a thread • separating privilege by a controlling thread • Need not to terminate server processes • Creating a thread instead of forking a process 2. Independent of executing methods • Need not to install a software individually for CGI or DSO 3. Installation and setting are easy • Apache module • User-friendly specification 2012/7/18 SAINT2012 Izmir 13
Parent Server Process (owner : root) CGI mod_process_security Child Server Process (owner : apache) Create thread, set cap Control Thread (owner : apache) setuid・setgid, unset cap CGI Specification Control Thread (owner : user1) execve() CGI Process (owner : user1) index.php terminate process destroy thread (owner: user1) 2012/7/18 SAINT2012 Izmir 14
Parent Server Process (owner : root) DSO mod_process_security Child Server Process (owner : apache) Create thread, set cap Control Thread (owner : apache) DSO Specification setuid・setgid, unset cap execve() Control Thread (owner : user1) index.php (owner: user1) destroy thread 2012/7/18 SAINT2012 Izmir 15
Contents • Introduction • Exsiting Access Control on Web Server • Proposed Access Control Architecture • Experiment and Evaluation • Conclusion 2012/7/18 SAINT2012 Izmir 16
Experiment • Measuring response per second from a Web server • Generating requests per second from a client to a Web server • Evaluation of throughput by changing the number of requests • Evaluation of throughput by using each access controls • Printing phpinfo program(54KB), Benchmark software(httperf 0.9.0) Clinent Machine CPU Intel Core2Duo E8400 3.00GHz Memory 4GB NIC Realtek RTL8111/8168B 1Gbps OS CentOS 5.6 Web Server Machine CPU Intel Xeon X5355 2.66GHz Memory 8GB NIC Broadcom BCM5708 1Gbps OS CentOS 5.6 Middle 2012/7/18 Ware Apache SAINT2012 Izmir 2.2 17
Throughput 3000 DSO(mod_process_security ): Low throughput degradation 2500 DSO Responses/sec 2000 Access control for CGI 1500 Low performance degradation 1000 CGI DSO(mod_ruid2): about 4.5 responses 500 (Magnified in the next slide) for all requests 0 Requests/sec DSO(mod_process_security) DSO(not using access control) DSO(mod_ruid2) CGI(not using access control) CGI(suEXEC) 2012/7/18 SAINT2012 Izmir CGI(mod_process_security) 18
Throughput for CGI 200 180 Responses/sec 160 140 Not using access control、 mod_process_secuiry、 120 suEXEC 100 100 200 300 400 500 600 700 800 900 1000 Requests/sec CGI(not using access control) 2012/7/18 CGI(suexec) SAINT2012 Izmir CGI(mod_process_security) 19
Contents • Introduction • Exsiting Access Control on Web Server • Proposed Access Control Architecture • Experiment and Evaluation • Conclusion 2012/7/18 SAINT2012 Izmir 20
Conclusion 1. High performance and secure access control on multitenant apprications – High performance access control architecture for DSO – Use computing resource efficiently ⇒ Low cost 2. Independent of executing methods like CGI or DSO – Easy to install – user-friendly setting ⇒ In this architecture, you can withstand the advancement of Web services considering multitenant applications and low cost hosting services 2012/7/18 SAINT2012 Izmir 21
Future Research Plans • Encourage using mod_process_scurity – Now relesing in https://modules.apache.org/ • We plan to design new virtual host architecture by combining mod_process_security with the module that can manage resources more flexibility on each virtual host. 2012/7/18 SAINT2012 Izmir 22

Recommended

Kubernetes #4 volume & stateful set
Kubernetes #4 volume & stateful setKubernetes #4 volume & stateful set
Kubernetes #4 volume & stateful setTerry Cho
 
How to test code with mruby
How to test code with mrubyHow to test code with mruby
How to test code with mrubyHiroshi SHIBATA
 
Container & kubernetes
Container & kubernetesContainer & kubernetes
Container & kubernetesTed Jung
 
Cloud Foundry Open Tour China
Cloud Foundry Open Tour ChinaCloud Foundry Open Tour China
Cloud Foundry Open Tour Chinamarklucovsky
 
Dynamic Languages & Web Frameworks in GlassFish
Dynamic Languages & Web Frameworks in GlassFishDynamic Languages & Web Frameworks in GlassFish
Dynamic Languages & Web Frameworks in GlassFishIndicThreads
 
Jruby synergy-of-ruby-and-java
Jruby synergy-of-ruby-and-javaJruby synergy-of-ruby-and-java
Jruby synergy-of-ruby-and-javaKeith Bennett
 
Middleware as Code with mruby
Middleware as Code with mrubyMiddleware as Code with mruby
Middleware as Code with mrubyHiroshi SHIBATA
 
Middleware as Code with mruby
Middleware as Code with mrubyMiddleware as Code with mruby
Middleware as Code with mrubyHiroshi SHIBATA
 

Recommended

Kubernetes #4 volume & stateful set
Kubernetes #4 volume & stateful setKubernetes #4 volume & stateful set
Kubernetes #4 volume & stateful setTerry Cho
 
How to test code with mruby
How to test code with mrubyHow to test code with mruby
How to test code with mrubyHiroshi SHIBATA
 
Container & kubernetes
Container & kubernetesContainer & kubernetes
Container & kubernetesTed Jung
 
Cloud Foundry Open Tour China
Cloud Foundry Open Tour ChinaCloud Foundry Open Tour China
Cloud Foundry Open Tour Chinamarklucovsky
 
Dynamic Languages & Web Frameworks in GlassFish
Dynamic Languages & Web Frameworks in GlassFishDynamic Languages & Web Frameworks in GlassFish
Dynamic Languages & Web Frameworks in GlassFishIndicThreads
 
Jruby synergy-of-ruby-and-java
Jruby synergy-of-ruby-and-javaJruby synergy-of-ruby-and-java
Jruby synergy-of-ruby-and-javaKeith Bennett
 
Middleware as Code with mruby
Middleware as Code with mrubyMiddleware as Code with mruby
Middleware as Code with mrubyHiroshi SHIBATA
 
Middleware as Code with mruby
Middleware as Code with mrubyMiddleware as Code with mruby
Middleware as Code with mrubyHiroshi SHIBATA
 
Large-scaled Deploy Over 100 Servers in 3 Minutes
Large-scaled Deploy Over 100 Servers in 3 MinutesLarge-scaled Deploy Over 100 Servers in 3 Minutes
Large-scaled Deploy Over 100 Servers in 3 MinutesHiroshi SHIBATA
 
Introducing Koki Short
Introducing Koki ShortIntroducing Koki Short
Introducing Koki ShortSidhartha Mani
 
20141210 rakuten techtalk
20141210 rakuten techtalk20141210 rakuten techtalk
20141210 rakuten techtalkHiroshi SHIBATA
 
Dependency Resolution with Standard Libraries
Dependency Resolution with Standard LibrariesDependency Resolution with Standard Libraries
Dependency Resolution with Standard LibrariesHiroshi SHIBATA
 
RubyGems 3 & 4
RubyGems 3 & 4RubyGems 3 & 4
RubyGems 3 & 4Hiroshi SHIBATA
 
The secret of programming language development and future
The secret of programming language development and futureThe secret of programming language development and future
The secret of programming language development and futureHiroshi SHIBATA
 
Docker.io
Docker.ioDocker.io
Docker.ioLadislav Prskavec
 
ngServer and-collaboratived-development-between-san-francisco-and-tokyo
ngServer and-collaboratived-development-between-san-francisco-and-tokyongServer and-collaboratived-development-between-san-francisco-and-tokyo
ngServer and-collaboratived-development-between-san-francisco-and-tokyoSatoshi Tanaka
 
20140419 oedo rubykaigi04
20140419 oedo rubykaigi0420140419 oedo rubykaigi04
20140419 oedo rubykaigi04Hiroshi SHIBATA
 
RubyGems 3 & 4
RubyGems 3 & 4RubyGems 3 & 4
RubyGems 3 & 4Hiroshi SHIBATA
 
[OpenInfra Days Korea 2018] Day 1 - T4-7: "Ceph 스토리지, PaaS로 서비스 운영하기"
[OpenInfra Days Korea 2018] Day 1 - T4-7: "Ceph 스토리지, PaaS로 서비스 운영하기"[OpenInfra Days Korea 2018] Day 1 - T4-7: "Ceph 스토리지, PaaS로 서비스 운영하기"
[OpenInfra Days Korea 2018] Day 1 - T4-7: "Ceph 스토리지, PaaS로 서비스 운영하기"OpenStack Korea Community
 
The details of CI/CD environment for Ruby
The details of CI/CD environment for RubyThe details of CI/CD environment for Ruby
The details of CI/CD environment for RubyHiroshi SHIBATA
 
20140425 ruby conftaiwan2014
20140425 ruby conftaiwan201420140425 ruby conftaiwan2014
20140425 ruby conftaiwan2014Hiroshi SHIBATA
 
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみるK8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみるJUNICHI YOSHISE
 
Making Your Capistrano Recipe Book
Making Your Capistrano Recipe BookMaking Your Capistrano Recipe Book
Making Your Capistrano Recipe BookTim Riley
 
Hands on Docker - Launch your own LEMP or LAMP stack - SunshinePHP
Hands on Docker - Launch your own LEMP or LAMP stack - SunshinePHPHands on Docker - Launch your own LEMP or LAMP stack - SunshinePHP
Hands on Docker - Launch your own LEMP or LAMP stack - SunshinePHPDana Luther
 
How to Begin to Develop Ruby Core
How to Begin to Develop Ruby CoreHow to Begin to Develop Ruby Core
How to Begin to Develop Ruby CoreHiroshi SHIBATA
 
Cloud Foundry Open Tour China (english)
Cloud Foundry Open Tour China (english)Cloud Foundry Open Tour China (english)
Cloud Foundry Open Tour China (english)marklucovsky
 
How DSL works on Ruby
How DSL works on RubyHow DSL works on Ruby
How DSL works on RubyHiroshi SHIBATA
 
Gemification plan of Standard Library on Ruby
Gemification plan of Standard Library on RubyGemification plan of Standard Library on Ruby
Gemification plan of Standard Library on RubyHiroshi SHIBATA
 
20120525 mt websocket
20120525 mt websocket20120525 mt websocket
20120525 mt websocketRyosuke MATSUMOTO
 
"Bits from the Apache Maintainers / Upcoming apache2 2.4 transition" を読んでみた
"Bits from the Apache Maintainers / Upcoming apache2 2.4 transition" を読んでみた"Bits from the Apache Maintainers / Upcoming apache2 2.4 transition" を読んでみた
"Bits from the Apache Maintainers / Upcoming apache2 2.4 transition" を読んでみたTsuyoshi Yamada
 

More Related Content

What's hot

Large-scaled Deploy Over 100 Servers in 3 Minutes
Large-scaled Deploy Over 100 Servers in 3 MinutesLarge-scaled Deploy Over 100 Servers in 3 Minutes
Large-scaled Deploy Over 100 Servers in 3 MinutesHiroshi SHIBATA
 
Introducing Koki Short
Introducing Koki ShortIntroducing Koki Short
Introducing Koki ShortSidhartha Mani
 
20141210 rakuten techtalk
20141210 rakuten techtalk20141210 rakuten techtalk
20141210 rakuten techtalkHiroshi SHIBATA
 
Dependency Resolution with Standard Libraries
Dependency Resolution with Standard LibrariesDependency Resolution with Standard Libraries
Dependency Resolution with Standard LibrariesHiroshi SHIBATA
 
The secret of programming language development and future
The secret of programming language development and futureThe secret of programming language development and future
The secret of programming language development and futureHiroshi SHIBATA
 
ngServer and-collaboratived-development-between-san-francisco-and-tokyo
ngServer and-collaboratived-development-between-san-francisco-and-tokyongServer and-collaboratived-development-between-san-francisco-and-tokyo
ngServer and-collaboratived-development-between-san-francisco-and-tokyoSatoshi Tanaka
 
20140419 oedo rubykaigi04
20140419 oedo rubykaigi0420140419 oedo rubykaigi04
20140419 oedo rubykaigi04Hiroshi SHIBATA
 
[OpenInfra Days Korea 2018] Day 1 - T4-7: "Ceph 스토리지, PaaS로 서비스 운영하기"
[OpenInfra Days Korea 2018] Day 1 - T4-7: "Ceph 스토리지, PaaS로 서비스 운영하기"[OpenInfra Days Korea 2018] Day 1 - T4-7: "Ceph 스토리지, PaaS로 서비스 운영하기"
[OpenInfra Days Korea 2018] Day 1 - T4-7: "Ceph 스토리지, PaaS로 서비스 운영하기"OpenStack Korea Community
 
The details of CI/CD environment for Ruby
The details of CI/CD environment for RubyThe details of CI/CD environment for Ruby
The details of CI/CD environment for RubyHiroshi SHIBATA
 
20140425 ruby conftaiwan2014
20140425 ruby conftaiwan201420140425 ruby conftaiwan2014
20140425 ruby conftaiwan2014Hiroshi SHIBATA
 
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみるK8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみるJUNICHI YOSHISE
 
Making Your Capistrano Recipe Book
Making Your Capistrano Recipe BookMaking Your Capistrano Recipe Book
Making Your Capistrano Recipe BookTim Riley
 
Hands on Docker - Launch your own LEMP or LAMP stack - SunshinePHP
Hands on Docker - Launch your own LEMP or LAMP stack - SunshinePHPHands on Docker - Launch your own LEMP or LAMP stack - SunshinePHP
Hands on Docker - Launch your own LEMP or LAMP stack - SunshinePHPDana Luther
 
How to Begin to Develop Ruby Core
How to Begin to Develop Ruby CoreHow to Begin to Develop Ruby Core
How to Begin to Develop Ruby CoreHiroshi SHIBATA
 
Cloud Foundry Open Tour China (english)
Cloud Foundry Open Tour China (english)Cloud Foundry Open Tour China (english)
Cloud Foundry Open Tour China (english)marklucovsky
 
Gemification plan of Standard Library on Ruby
Gemification plan of Standard Library on RubyGemification plan of Standard Library on Ruby
Gemification plan of Standard Library on RubyHiroshi SHIBATA
 

What's hot (20)

Large-scaled Deploy Over 100 Servers in 3 Minutes
Large-scaled Deploy Over 100 Servers in 3 MinutesLarge-scaled Deploy Over 100 Servers in 3 Minutes
Large-scaled Deploy Over 100 Servers in 3 Minutes
 
Introducing Koki Short
Introducing Koki ShortIntroducing Koki Short
Introducing Koki Short
 
20141210 rakuten techtalk
20141210 rakuten techtalk20141210 rakuten techtalk
20141210 rakuten techtalk
 
Dependency Resolution with Standard Libraries
Dependency Resolution with Standard LibrariesDependency Resolution with Standard Libraries
Dependency Resolution with Standard Libraries
 
RubyGems 3 & 4
RubyGems 3 & 4RubyGems 3 & 4
RubyGems 3 & 4
 
The secret of programming language development and future
The secret of programming language development and futureThe secret of programming language development and future
The secret of programming language development and future
 
Docker.io
Docker.ioDocker.io
Docker.io
 
ngServer and-collaboratived-development-between-san-francisco-and-tokyo
ngServer and-collaboratived-development-between-san-francisco-and-tokyongServer and-collaboratived-development-between-san-francisco-and-tokyo
ngServer and-collaboratived-development-between-san-francisco-and-tokyo
 
20140419 oedo rubykaigi04
20140419 oedo rubykaigi0420140419 oedo rubykaigi04
20140419 oedo rubykaigi04
 
RubyGems 3 & 4
RubyGems 3 & 4RubyGems 3 & 4
RubyGems 3 & 4
 
[OpenInfra Days Korea 2018] Day 1 - T4-7: "Ceph 스토리지, PaaS로 서비스 운영하기"
[OpenInfra Days Korea 2018] Day 1 - T4-7: "Ceph 스토리지, PaaS로 서비스 운영하기"[OpenInfra Days Korea 2018] Day 1 - T4-7: "Ceph 스토리지, PaaS로 서비스 운영하기"
[OpenInfra Days Korea 2018] Day 1 - T4-7: "Ceph 스토리지, PaaS로 서비스 운영하기"
 
The details of CI/CD environment for Ruby
The details of CI/CD environment for RubyThe details of CI/CD environment for Ruby
The details of CI/CD environment for Ruby
 
20140425 ruby conftaiwan2014
20140425 ruby conftaiwan201420140425 ruby conftaiwan2014
20140425 ruby conftaiwan2014
 
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみるK8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
 
Making Your Capistrano Recipe Book
Making Your Capistrano Recipe BookMaking Your Capistrano Recipe Book
Making Your Capistrano Recipe Book
 
Hands on Docker - Launch your own LEMP or LAMP stack - SunshinePHP
Hands on Docker - Launch your own LEMP or LAMP stack - SunshinePHPHands on Docker - Launch your own LEMP or LAMP stack - SunshinePHP
Hands on Docker - Launch your own LEMP or LAMP stack - SunshinePHP
 
How to Begin to Develop Ruby Core
How to Begin to Develop Ruby CoreHow to Begin to Develop Ruby Core
How to Begin to Develop Ruby Core
 
Cloud Foundry Open Tour China (english)
Cloud Foundry Open Tour China (english)Cloud Foundry Open Tour China (english)
Cloud Foundry Open Tour China (english)
 
How DSL works on Ruby
How DSL works on RubyHow DSL works on Ruby
How DSL works on Ruby
 
Gemification plan of Standard Library on Ruby
Gemification plan of Standard Library on RubyGemification plan of Standard Library on Ruby
Gemification plan of Standard Library on Ruby
 

Viewers also liked

"Bits from the Apache Maintainers / Upcoming apache2 2.4 transition" を読んでみた
"Bits from the Apache Maintainers / Upcoming apache2 2.4 transition" を読んでみた"Bits from the Apache Maintainers / Upcoming apache2 2.4 transition" を読んでみた
"Bits from the Apache Maintainers / Upcoming apache2 2.4 transition" を読んでみたTsuyoshi Yamada
 
組み込みスクリプト言語Mrubyを利用したwebサーバの機能拡張支援機構
組み込みスクリプト言語Mrubyを利用したwebサーバの機能拡張支援機構組み込みスクリプト言語Mrubyを利用したwebサーバの機能拡張支援機構
組み込みスクリプト言語Mrubyを利用したwebサーバの機能拡張支援機構Ryosuke MATSUMOTO
 
Mod lua
Mod luaMod lua
Mod luado_aki
 
第2回 松本勉強会 2012 05 25 - apache2.4とmod_lua
第2回 松本勉強会 2012 05 25 - apache2.4とmod_lua第2回 松本勉強会 2012 05 25 - apache2.4とmod_lua
第2回 松本勉強会 2012 05 25 - apache2.4とmod_luaRyosuke MATSUMOTO
 
軽量Ruby『mruby』について
軽量Ruby『mruby』について軽量Ruby『mruby』について
軽量Ruby『mruby』についてRyosuke MATSUMOTO
 
Using ngx_lua / lua-nginx-module in pixiv
Using ngx_lua / lua-nginx-module in pixivUsing ngx_lua / lua-nginx-module in pixiv
Using ngx_lua / lua-nginx-module in pixivShunsuke Michii
 

Viewers also liked (8)

20120525 mt websocket
20120525 mt websocket20120525 mt websocket
20120525 mt websocket
 
"Bits from the Apache Maintainers / Upcoming apache2 2.4 transition" を読んでみた
"Bits from the Apache Maintainers / Upcoming apache2 2.4 transition" を読んでみた"Bits from the Apache Maintainers / Upcoming apache2 2.4 transition" を読んでみた
"Bits from the Apache Maintainers / Upcoming apache2 2.4 transition" を読んでみた
 
組み込みスクリプト言語Mrubyを利用したwebサーバの機能拡張支援機構
組み込みスクリプト言語Mrubyを利用したwebサーバの機能拡張支援機構組み込みスクリプト言語Mrubyを利用したwebサーバの機能拡張支援機構
組み込みスクリプト言語Mrubyを利用したwebサーバの機能拡張支援機構
 
Mod mrubyについて
Mod mrubyについてMod mrubyについて
Mod mrubyについて
 
Mod lua
Mod luaMod lua
Mod lua
 
第2回 松本勉強会 2012 05 25 - apache2.4とmod_lua
第2回 松本勉強会 2012 05 25 - apache2.4とmod_lua第2回 松本勉強会 2012 05 25 - apache2.4とmod_lua
第2回 松本勉強会 2012 05 25 - apache2.4とmod_lua
 
軽量Ruby『mruby』について
軽量Ruby『mruby』について軽量Ruby『mruby』について
軽量Ruby『mruby』について
 
Using ngx_lua / lua-nginx-module in pixiv
Using ngx_lua / lua-nginx-module in pixivUsing ngx_lua / lua-nginx-module in pixiv
Using ngx_lua / lua-nginx-module in pixiv
 

Similar to Saint2012 mod process security

[DSBW Spring 2009] Unit 05: Web Architectures
[DSBW Spring 2009] Unit 05: Web Architectures[DSBW Spring 2009] Unit 05: Web Architectures
[DSBW Spring 2009] Unit 05: Web ArchitecturesCarles Farré
 
GlassFish v3, OSGi Equinox Felix
GlassFish v3, OSGi Equinox FelixGlassFish v3, OSGi Equinox Felix
GlassFish v3, OSGi Equinox FelixLudovic Champenois
 
ASP.NET MVC Workshop for Women in Technology
ASP.NET MVC Workshop for Women in TechnologyASP.NET MVC Workshop for Women in Technology
ASP.NET MVC Workshop for Women in TechnologyMałgorzata Borzęcka
 
Introduction to openshift
Introduction to openshiftIntroduction to openshift
Introduction to openshiftMamathaBusi
 
Securing Prometheus. Lessons Learned from OpenShift.pdf
Securing Prometheus. Lessons Learned from OpenShift.pdfSecuring Prometheus. Lessons Learned from OpenShift.pdf
Securing Prometheus. Lessons Learned from OpenShift.pdfJesús Ángel Samitier
 
Project Zero For Javapolis 2007
Project Zero For Javapolis 2007Project Zero For Javapolis 2007
Project Zero For Javapolis 2007Jason McGee
 
Custom Runtimes for the Cloud
Custom Runtimes for the CloudCustom Runtimes for the Cloud
Custom Runtimes for the CloudCloudBees
 
OSGi and Java EE in GlassFish - Tech Days 2010 India
OSGi and Java EE in GlassFish - Tech Days 2010 IndiaOSGi and Java EE in GlassFish - Tech Days 2010 India
OSGi and Java EE in GlassFish - Tech Days 2010 IndiaArun Gupta
 
Nagios Conference 2012 - Eric Loyd - Nagios Implementation Case Eastman Kodak...
Nagios Conference 2012 - Eric Loyd - Nagios Implementation Case Eastman Kodak...Nagios Conference 2012 - Eric Loyd - Nagios Implementation Case Eastman Kodak...
Nagios Conference 2012 - Eric Loyd - Nagios Implementation Case Eastman Kodak...Nagios
 
GR8Conf 2011: Adopting Grails
GR8Conf 2011: Adopting GrailsGR8Conf 2011: Adopting Grails
GR8Conf 2011: Adopting GrailsGR8Conf
 
Adopting Grails - GR8Conf Europe
Adopting Grails - GR8Conf EuropeAdopting Grails - GR8Conf Europe
Adopting Grails - GR8Conf EuropeKlausBaumecker
 
Programming WebSockets with Glassfish and Grizzly
Programming WebSockets with Glassfish and GrizzlyProgramming WebSockets with Glassfish and Grizzly
Programming WebSockets with Glassfish and GrizzlyC2B2 Consulting
 
We4IT LCTY 2013 - x-pages-men - ibm domino xpages - performance in a nutshell
We4IT LCTY 2013 - x-pages-men - ibm domino xpages - performance in a nutshellWe4IT LCTY 2013 - x-pages-men - ibm domino xpages - performance in a nutshell
We4IT LCTY 2013 - x-pages-men - ibm domino xpages - performance in a nutshellWe4IT Group
 
Spring Boot 3 And Beyond
Spring Boot 3 And BeyondSpring Boot 3 And Beyond
Spring Boot 3 And BeyondVMware Tanzu
 
BP207 - Meet the Java Application Server You Already Own – IBM Domino
BP207 - Meet the Java Application Server You Already Own – IBM DominoBP207 - Meet the Java Application Server You Already Own – IBM Domino
BP207 - Meet the Java Application Server You Already Own – IBM DominoSerdar Basegmez
 
Apache Tomcat 7 by Filip Hanik
Apache Tomcat 7 by Filip HanikApache Tomcat 7 by Filip Hanik
Apache Tomcat 7 by Filip HanikEdgar Espina
 
GlassFish in Production Environments
GlassFish in Production EnvironmentsGlassFish in Production Environments
GlassFish in Production EnvironmentsBruno Borges
 
Accelerating Data Management - Dave Fellinger - RDAP12
Accelerating Data Management - Dave Fellinger - RDAP12 Accelerating Data Management - Dave Fellinger - RDAP12
Accelerating Data Management - Dave Fellinger - RDAP12 ASIS&T
 

Similar to Saint2012 mod process security (20)

[DSBW Spring 2009] Unit 05: Web Architectures
[DSBW Spring 2009] Unit 05: Web Architectures[DSBW Spring 2009] Unit 05: Web Architectures
[DSBW Spring 2009] Unit 05: Web Architectures
 
GlassFish v3 Prelude Aquarium Paris
GlassFish v3 Prelude Aquarium ParisGlassFish v3 Prelude Aquarium Paris
GlassFish v3 Prelude Aquarium Paris
 
GlassFish v3, OSGi Equinox Felix
GlassFish v3, OSGi Equinox FelixGlassFish v3, OSGi Equinox Felix
GlassFish v3, OSGi Equinox Felix
 
ASP.NET MVC Workshop for Women in Technology
ASP.NET MVC Workshop for Women in TechnologyASP.NET MVC Workshop for Women in Technology
ASP.NET MVC Workshop for Women in Technology
 
Introduction to openshift
Introduction to openshiftIntroduction to openshift
Introduction to openshift
 
Securing Prometheus. Lessons Learned from OpenShift.pdf
Securing Prometheus. Lessons Learned from OpenShift.pdfSecuring Prometheus. Lessons Learned from OpenShift.pdf
Securing Prometheus. Lessons Learned from OpenShift.pdf
 
ESIGate dev meeting #4 21-11-2013
ESIGate dev meeting #4 21-11-2013ESIGate dev meeting #4 21-11-2013
ESIGate dev meeting #4 21-11-2013
 
Project Zero For Javapolis 2007
Project Zero For Javapolis 2007Project Zero For Javapolis 2007
Project Zero For Javapolis 2007
 
Custom Runtimes for the Cloud
Custom Runtimes for the CloudCustom Runtimes for the Cloud
Custom Runtimes for the Cloud
 
OSGi and Java EE in GlassFish - Tech Days 2010 India
OSGi and Java EE in GlassFish - Tech Days 2010 IndiaOSGi and Java EE in GlassFish - Tech Days 2010 India
OSGi and Java EE in GlassFish - Tech Days 2010 India
 
Nagios Conference 2012 - Eric Loyd - Nagios Implementation Case Eastman Kodak...
Nagios Conference 2012 - Eric Loyd - Nagios Implementation Case Eastman Kodak...Nagios Conference 2012 - Eric Loyd - Nagios Implementation Case Eastman Kodak...
Nagios Conference 2012 - Eric Loyd - Nagios Implementation Case Eastman Kodak...
 
GR8Conf 2011: Adopting Grails
GR8Conf 2011: Adopting GrailsGR8Conf 2011: Adopting Grails
GR8Conf 2011: Adopting Grails
 
Adopting Grails - GR8Conf Europe
Adopting Grails - GR8Conf EuropeAdopting Grails - GR8Conf Europe
Adopting Grails - GR8Conf Europe
 
Programming WebSockets with Glassfish and Grizzly
Programming WebSockets with Glassfish and GrizzlyProgramming WebSockets with Glassfish and Grizzly
Programming WebSockets with Glassfish and Grizzly
 
We4IT LCTY 2013 - x-pages-men - ibm domino xpages - performance in a nutshell
We4IT LCTY 2013 - x-pages-men - ibm domino xpages - performance in a nutshellWe4IT LCTY 2013 - x-pages-men - ibm domino xpages - performance in a nutshell
We4IT LCTY 2013 - x-pages-men - ibm domino xpages - performance in a nutshell
 
Spring Boot 3 And Beyond
Spring Boot 3 And BeyondSpring Boot 3 And Beyond
Spring Boot 3 And Beyond
 
BP207 - Meet the Java Application Server You Already Own – IBM Domino
BP207 - Meet the Java Application Server You Already Own – IBM DominoBP207 - Meet the Java Application Server You Already Own – IBM Domino
BP207 - Meet the Java Application Server You Already Own – IBM Domino
 
Apache Tomcat 7 by Filip Hanik
Apache Tomcat 7 by Filip HanikApache Tomcat 7 by Filip Hanik
Apache Tomcat 7 by Filip Hanik
 
GlassFish in Production Environments
GlassFish in Production EnvironmentsGlassFish in Production Environments
GlassFish in Production Environments
 
Accelerating Data Management - Dave Fellinger - RDAP12
Accelerating Data Management - Dave Fellinger - RDAP12 Accelerating Data Management - Dave Fellinger - RDAP12
Accelerating Data Management - Dave Fellinger - RDAP12
 

Recently uploaded

Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 

Recently uploaded (20)

Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 

Saint2012 mod process security

  • 1. Access Control Architecture Separating Privilege by a Thread on a Web Server - mod_process_security - Ryosuke MATSUMOTO, Yasuo OKABE Kyoto University 2012/7/18 SAINT2012 Izmir 1
  • 2. Content 1. Introduction 2. Access Control on Web Servers 3. Proposed Access Control Architecture 4. Experiment and Evaluation 5. Conclusion 2012/7/18 SAINT2012 Izmir 2
  • 3. Content 1. Introduction 2. Access Control on Web Servers 3. Proposed Access Control Architecture 4. Experiment and Evaluation 5. Conclusion 2012/7/18 SAINT2012 Izmir 3
  • 4. Background • Deployment of Cloud Computing – Cost: Reducing the total cost off ownership (TCO), including hardware, software and operation – Security: Confidentiality, Integrity and Availability • PaaS (Platform as a Service): Large-Scale Shared Web Hosting Service, or so-called “Virtual Hosting” – Many Web sites share a single Operating System as well as HW resource. – Separation among sites is implemented using mechanism ether in OS or in the Web server. • Discretionary Access Control (DAC) : the access control model on UNIX and Windows OS "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. …” (wikipedia) – There exist some issues both in security and performance. • Ex) suEXEC for CGI on Apache HTTP Server – CGI method: low performance Executing dynamic contents securely and fast on large-scale shared Web hosting service 2012/7/18 SAINT2012 Izmir 4
  • 5. Dynamic Contents on Web Servers • CGI is low-performance • DSO (Dynamic Shared Object) is enough fast, but… CGI DSO bottleneck Server Process Server Process CGI Process Program Program A built-in Interpreter Engineers’ needs to use DSO on a shared web hosting. 2012/7/18 SAINT2012 Izmir 5
  • 6. Problem in Dynamic Contents Problem in access controls – DSO • Architecture separating privilege by a server process • Serious performance degradation when securely executed – CGI • Architecture separating privilege by a CGI process each • Intrinsically low performance in creating a child process – Existing access controls are provided by the execution methods each. • CGI , DSO, or other Interpreters • Complicated and user-unfriendly settings In executing dynamic contents on a shared Web hosting service, – Use of CGI is almost mandatory for security – If using DSO, separating privilege by a daemon process or VM ⇒ Too much overhead 2012/7/18 SAINT2012 Izmir 6
  • 7. Our Research “Secure and high-performance access control architecture on large-scale shared Web virtual hosting” • We propose a thread-based security mechanism, and implement as a module “mod_process_security” – Architecture separating privilege by thread • Very little performance degradation using DSO • Enough security • Independent from the program execution method, either CGI or DSO – As an module for Apache HTTP Server on Linux 2012/7/18 SAINT2012 Izmir 7
  • 8. Content • Introduction • Access Control on Web Server • Proposed Access Control Architecture • Experiment and Evaluation • Conclusion 2012/7/18 SAINT2012 Izmir 8
  • 9. Overview of Access Control on a Web Server • Apache HTTP Server (not using access controls) – Using VirtualHost for a huge number of hosts. – Handling all requests by the privilege of server processes. – Files can be read via programs of any other host areas. • Basic architecture of access controls – Executing dynamic contents with the privilege of the contents. – Preventing access to other virtual host area. – suEXEC, mod_suid2 or mod_ruid2 and so on… Single server process OS Web Service A × Web Service B × × Virtual Host A × Virtual Host B Setting the privilege of the contents at each host area. 2012/7/18 SAINT2012 Izmir 9
  • 10. Parent Server Process CGI (owner : root) suEXEC Archtecture Child Server Process (owner : apache) fork() execve() suexec-program bottleneck CGI Process (owner : root) setuid(), setgid() execve() CGI Process (owner : user1) index.php terminate process (owner: user1) 2012/7/18 SAINT2012 Izmir 10
  • 11. Parent Server Process DSO (owner : root) mod_ruid2 Architechture Set cap(Linux capability) Child Server Process (owner : apache) bottleneck Set capability setuid(), setgid() Unset cap × Child Server Process execve() (owner : user1) Set capability index.php setuid(), setgid() terminate process (owner: user1) 2012/7/18 SAINT2012 Izmir × Changing the privilege of Server Process 11
  • 12. Contents • Introduction • Exsiting Access Control on Web Server • Proposed Access Control Architecture • Experiment and Evaluation • Conclusion 2012/7/18 SAINT2012 Izmir 12
  • 13. Proposed Access Control Architecture - mod_process_security - 1. Reducing the bottleneck using a thread • separating privilege by a controlling thread • Need not to terminate server processes • Creating a thread instead of forking a process 2. Independent of executing methods • Need not to install a software individually for CGI or DSO 3. Installation and setting are easy • Apache module • User-friendly specification 2012/7/18 SAINT2012 Izmir 13
  • 14. Parent Server Process (owner : root) CGI mod_process_security Child Server Process (owner : apache) Create thread, set cap Control Thread (owner : apache) setuid・setgid, unset cap CGI Specification Control Thread (owner : user1) execve() CGI Process (owner : user1) index.php terminate process destroy thread (owner: user1) 2012/7/18 SAINT2012 Izmir 14
  • 15. Parent Server Process (owner : root) DSO mod_process_security Child Server Process (owner : apache) Create thread, set cap Control Thread (owner : apache) DSO Specification setuid・setgid, unset cap execve() Control Thread (owner : user1) index.php (owner: user1) destroy thread 2012/7/18 SAINT2012 Izmir 15
  • 16. Contents • Introduction • Exsiting Access Control on Web Server • Proposed Access Control Architecture • Experiment and Evaluation • Conclusion 2012/7/18 SAINT2012 Izmir 16
  • 17. Experiment • Measuring response per second from a Web server • Generating requests per second from a client to a Web server • Evaluation of throughput by changing the number of requests • Evaluation of throughput by using each access controls • Printing phpinfo program(54KB), Benchmark software(httperf 0.9.0) Clinent Machine CPU Intel Core2Duo E8400 3.00GHz Memory 4GB NIC Realtek RTL8111/8168B 1Gbps OS CentOS 5.6 Web Server Machine CPU Intel Xeon X5355 2.66GHz Memory 8GB NIC Broadcom BCM5708 1Gbps OS CentOS 5.6 Middle 2012/7/18 Ware Apache SAINT2012 Izmir 2.2 17
  • 18. Throughput 3000 DSO(mod_process_security ): Low throughput degradation 2500 DSO Responses/sec 2000 Access control for CGI 1500 Low performance degradation 1000 CGI DSO(mod_ruid2): about 4.5 responses 500 (Magnified in the next slide) for all requests 0 Requests/sec DSO(mod_process_security) DSO(not using access control) DSO(mod_ruid2) CGI(not using access control) CGI(suEXEC) 2012/7/18 SAINT2012 Izmir CGI(mod_process_security) 18
  • 19. Throughput for CGI 200 180 Responses/sec 160 140 Not using access control、 mod_process_secuiry、 120 suEXEC 100 100 200 300 400 500 600 700 800 900 1000 Requests/sec CGI(not using access control) 2012/7/18 CGI(suexec) SAINT2012 Izmir CGI(mod_process_security) 19
  • 20. Contents • Introduction • Exsiting Access Control on Web Server • Proposed Access Control Architecture • Experiment and Evaluation • Conclusion 2012/7/18 SAINT2012 Izmir 20
  • 21. Conclusion 1. High performance and secure access control on multitenant apprications – High performance access control architecture for DSO – Use computing resource efficiently ⇒ Low cost 2. Independent of executing methods like CGI or DSO – Easy to install – user-friendly setting ⇒ In this architecture, you can withstand the advancement of Web services considering multitenant applications and low cost hosting services 2012/7/18 SAINT2012 Izmir 21
  • 22. Future Research Plans • Encourage using mod_process_scurity – Now relesing in https://modules.apache.org/ • We plan to design new virtual host architecture by combining mod_process_security with the module that can manage resources more flexibility on each virtual host. 2012/7/18 SAINT2012 Izmir 22