Ripley: Automatically Securing Distributed Web Applications Through Replicated Execution

Ben Livshits, Abhishek Prateek, K. Vikram

MSR-TR-2008-174

Rich Internet applications are becoming increasingly distributed, as demonstrated by the popularity of AJAX or Web 2.0 applications such as Hotmail, Google Maps, Facebook, and many others. A typical multi-tier AJAX (asynchronous JavaScript and XML) application consists of a server component implemented in Java J2EE or .NET and a client-side component executing in JavaScript. The resulting application is more performant and responsive, because computation is moved closer to the client, thus avoiding unnecessary network round trips. However, once a portion of the code is moved to the client, a malicious user can easily subvert the client side of the computation. In this paper we propose Ripley, a system that uses replicated execution to automatically preserve the integrity of a distributed computation. Ripley replicates a copy of the client-side computation on the trusted server tier. Every client-side event is transferred to the replica of the client for execution. Ripley observes results of the computation, both as computed on the client side and on the server side using the replica of the client-side code. Any discrepancy is flagged as a potential violation of computational integrity. We demonstrate that Ripley is able to secure six representative AJAX benchmarks with minimal performance overhead.
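
The replay-and-compare check described in the abstract, sketched as an added example; it is not code from the paper or from Ripley. The shopping-cart logic, the event format, and the names `clientLogic`, `run` and `verify` are hypothetical, and the sketch assumes the client-side logic is deterministic.

```javascript
// Added illustration of replicated execution; all names are hypothetical.
const PRICES = new Map([["book", 20], ["pen", 2]]);

// Client-side application logic. Deterministic: same events give same RPCs.
function clientLogic(state, event) {
  switch (event.type) {
    case "add":
      // Unknown items are ignored so the total is always a real number.
      if (PRICES.has(event.item)) state.cart.push(event.item);
      return null; // purely local update, no RPC issued
    case "checkout": {
      const total = state.cart.reduce((sum, item) => sum + PRICES.get(item), 0);
      return { method: "charge", args: { items: [...state.cart], total } };
    }
    default:
      return null;
  }
}

// Run a sequence of events through the logic and collect the RPCs it issues.
function run(events) {
  const state = { cart: [] };
  return events.map((e) => clientLogic(state, e)).filter((rpc) => rpc !== null);
}

// Server tier: replay the client's events in the trusted replica and compare
// the RPCs the replica produces with the RPCs the client actually sent.
// Only the replica's own results are ever accepted for processing.
function verify(events, clientRpcs) {
  const replicaRpcs = run(events);
  const ok = JSON.stringify(replicaRpcs) === JSON.stringify(clientRpcs);
  return { ok, accepted: ok ? replicaRpcs : [], expected: replicaRpcs };
}

// Constructed sample input: one event stream, reported by two clients.
const events = [
  { type: "add", item: "book" },
  { type: "add", item: "pen" },
  { type: "checkout" },
];
const honestRpcs = run(events);
// A subverted client reports the same events but alters the RPC it sends.
const tamperedRpcs = [
  { method: "charge", args: { items: ["book", "pen"], total: 1 } },
];

console.log("honest client accepted:", verify(events, honestRpcs).ok);
console.log("tampered client accepted:", verify(events, tamperedRpcs).ok);
```

The server never needs to trust the client's RPC arguments: a mismatch is flagged, and on a match the replica's result is the one that is processed.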