Trading-off security and performance in barrier slicing for remote software entrusting

Mariano Ceccato, Mila Dalla Preda, Jasvir Nagra, Christian S Collberg, Paolo Tonella

Research output: Contribution to journalArticle

4 Citations (Scopus)

Abstract

Network applications often require that a trust relationship is established between a trusted host (e.g., the server) and an untrusted host (e.g., the client). The remote entrusting problem is the problem of ensuring the trusted host that whenever a request from an untrusted host is served, the requester is in a genuine state, unaffected by malicious modifications or attacks. Barrier slicing helps solve the remote entrusting problem. The computation of the sensitive client state is sliced and moved to the server, where it is not possible to tamper with it. However, this solution might involve unacceptable computation and communication costs for the server, especially when the slice to be moved is large. In this paper, we investigate the trade-off between security loss and performance overhead associated with moving only a portion of the barrier slice to the server and we show that this trade-off can be reduced to a multi-objective optimization problem. We describe how to make decisions in practice with reference to a case study, for which we show how to choose among the alternative options.

Original languageEnglish (US)
Pages (from-to)235-261
Number of pages27
JournalAutomated Software Engineering
Volume16
Issue number2
DOIs
StatePublished - Jun 2009

Fingerprint

Servers
Multiobjective optimization
Communication
Costs

Keywords

  • Program slicing
  • Security
  • Source code transformation

ASJC Scopus subject areas

  • Software

Cite this

Trading-off security and performance in barrier slicing for remote software entrusting. / Ceccato, Mariano; Preda, Mila Dalla; Nagra, Jasvir; Collberg, Christian S; Tonella, Paolo.

In: Automated Software Engineering, Vol. 16, No. 2, 06.2009, p. 235-261.

Research output: Contribution to journalArticle

Ceccato, Mariano ; Preda, Mila Dalla ; Nagra, Jasvir ; Collberg, Christian S ; Tonella, Paolo. / Trading-off security and performance in barrier slicing for remote software entrusting. In: Automated Software Engineering. 2009 ; Vol. 16, No. 2. pp. 235-261.
@article{d41b5450677f462f875e7c5d347aacd0,
title = "Trading-off security and performance in barrier slicing for remote software entrusting",
abstract = "Network applications often require that a trust relationship is established between a trusted host (e.g., the server) and an untrusted host (e.g., the client). The remote entrusting problem is the problem of ensuring the trusted host that whenever a request from an untrusted host is served, the requester is in a genuine state, unaffected by malicious modifications or attacks. Barrier slicing helps solve the remote entrusting problem. The computation of the sensitive client state is sliced and moved to the server, where it is not possible to tamper with it. However, this solution might involve unacceptable computation and communication costs for the server, especially when the slice to be moved is large. In this paper, we investigate the trade-off between security loss and performance overhead associated with moving only a portion of the barrier slice to the server and we show that this trade-off can be reduced to a multi-objective optimization problem. We describe how to make decisions in practice with reference to a case study, for which we show how to choose among the alternative options.",
keywords = "Program slicing, Security, Source code transformation",
author = "Mariano Ceccato and Preda, {Mila Dalla} and Jasvir Nagra and Collberg, {Christian S} and Paolo Tonella",
year = "2009",
month = "6",
doi = "10.1007/s10515-009-0047-y",
language = "English (US)",
volume = "16",
pages = "235--261",
journal = "Automated Software Engineering",
issn = "0928-8910",
publisher = "Springer Netherlands",
number = "2",

}

TY - JOUR

T1 - Trading-off security and performance in barrier slicing for remote software entrusting

AU - Ceccato, Mariano

AU - Preda, Mila Dalla

AU - Nagra, Jasvir

AU - Collberg, Christian S

AU - Tonella, Paolo

PY - 2009/6

Y1 - 2009/6

N2 - Network applications often require that a trust relationship is established between a trusted host (e.g., the server) and an untrusted host (e.g., the client). The remote entrusting problem is the problem of ensuring the trusted host that whenever a request from an untrusted host is served, the requester is in a genuine state, unaffected by malicious modifications or attacks. Barrier slicing helps solve the remote entrusting problem. The computation of the sensitive client state is sliced and moved to the server, where it is not possible to tamper with it. However, this solution might involve unacceptable computation and communication costs for the server, especially when the slice to be moved is large. In this paper, we investigate the trade-off between security loss and performance overhead associated with moving only a portion of the barrier slice to the server and we show that this trade-off can be reduced to a multi-objective optimization problem. We describe how to make decisions in practice with reference to a case study, for which we show how to choose among the alternative options.

AB - Network applications often require that a trust relationship is established between a trusted host (e.g., the server) and an untrusted host (e.g., the client). The remote entrusting problem is the problem of ensuring the trusted host that whenever a request from an untrusted host is served, the requester is in a genuine state, unaffected by malicious modifications or attacks. Barrier slicing helps solve the remote entrusting problem. The computation of the sensitive client state is sliced and moved to the server, where it is not possible to tamper with it. However, this solution might involve unacceptable computation and communication costs for the server, especially when the slice to be moved is large. In this paper, we investigate the trade-off between security loss and performance overhead associated with moving only a portion of the barrier slice to the server and we show that this trade-off can be reduced to a multi-objective optimization problem. We describe how to make decisions in practice with reference to a case study, for which we show how to choose among the alternative options.

KW - Program slicing

KW - Security

KW - Source code transformation

UR - http://www.scopus.com/inward/record.url?scp=65049083385&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=65049083385&partnerID=8YFLogxK

U2 - 10.1007/s10515-009-0047-y

DO - 10.1007/s10515-009-0047-y

M3 - Article

AN - SCOPUS:65049083385

VL - 16

SP - 235

EP - 261

JO - Automated Software Engineering

JF - Automated Software Engineering

SN - 0928-8910

IS - 2

ER -