TY - JOUR
T1 - Trading-off security and performance in barrier slicing for remote software entrusting
AU - Ceccato, Mariano
AU - Preda, Mila Dalla
AU - Nagra, Jasvir
AU - Collberg, Christian
AU - Tonella, Paolo
N1 - Funding Information:
Acknowledgements This work was supported by funds from the European Commission (contract No. 021186-2 for the RE-TRUST project)
PY - 2009/6
Y1 - 2009/6
N2 - Network applications often require that a trust relationship is established between a trusted host (e.g., the server) and an untrusted host (e.g., the client). The remote entrusting problem is the problem of ensuring the trusted host that whenever a request from an untrusted host is served, the requester is in a genuine state, unaffected by malicious modifications or attacks. Barrier slicing helps solve the remote entrusting problem. The computation of the sensitive client state is sliced and moved to the server, where it is not possible to tamper with it. However, this solution might involve unacceptable computation and communication costs for the server, especially when the slice to be moved is large. In this paper, we investigate the trade-off between security loss and performance overhead associated with moving only a portion of the barrier slice to the server and we show that this trade-off can be reduced to a multi-objective optimization problem. We describe how to make decisions in practice with reference to a case study, for which we show how to choose among the alternative options.
AB - Network applications often require that a trust relationship is established between a trusted host (e.g., the server) and an untrusted host (e.g., the client). The remote entrusting problem is the problem of ensuring the trusted host that whenever a request from an untrusted host is served, the requester is in a genuine state, unaffected by malicious modifications or attacks. Barrier slicing helps solve the remote entrusting problem. The computation of the sensitive client state is sliced and moved to the server, where it is not possible to tamper with it. However, this solution might involve unacceptable computation and communication costs for the server, especially when the slice to be moved is large. In this paper, we investigate the trade-off between security loss and performance overhead associated with moving only a portion of the barrier slice to the server and we show that this trade-off can be reduced to a multi-objective optimization problem. We describe how to make decisions in practice with reference to a case study, for which we show how to choose among the alternative options.
KW - Program slicing
KW - Security
KW - Source code transformation
UR - http://www.scopus.com/inward/record.url?scp=65049083385&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=65049083385&partnerID=8YFLogxK
U2 - 10.1007/s10515-009-0047-y
DO - 10.1007/s10515-009-0047-y
M3 - Article
AN - SCOPUS:65049083385
SN - 0928-8910
VL - 16
SP - 235
EP - 261
JO - Automated Software Engineering
JF - Automated Software Engineering
IS - 2
ER -