CN110795661B - Web application system and method for providing end-to-end integrity protection - Google Patents


Info

Publication number: CN110795661B
Authority: CN (China)
Prior art keywords: server, query, integrity, user, client
Legal status: Active
Application number: CN201910933678.8A
Other languages: Chinese (zh)
Other versions: CN110795661A (en)
Inventors: 陈晶, 何琨, 杜瑞颖, 李高深
Current assignee: Shenzhen Research Institute of Wuhan University
Original assignee: Shenzhen Research Institute of Wuhan University
Events: application filed by Shenzhen Research Institute of Wuhan University; priority to CN201910933678.8A; publication of CN110795661A; application granted; publication of CN110795661B; current legal status active.

Classifications

    • G06F 16/958 Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking (G Physics > G06 Computing; calculating or counting > G06F Electric digital data processing > G06F 16/00 Information retrieval; database structures therefor; file system structures therefor > G06F 16/90 Details of database functions independent of the retrieved data types > G06F 16/95 Retrieval from the web)
    • G06F 16/2365 Ensuring data consistency and integrity (G06F 16/00 Information retrieval; database structures therefor; file system structures therefor > G06F 16/20 Information retrieval of structured data, e.g. relational data > G06F 16/23 Updating)
    • G06F 16/953 Querying, e.g. by the use of web search engines (G06F 16/00 Information retrieval; database structures therefor; file system structures therefor > G06F 16/90 Details of database functions independent of the retrieved data types > G06F 16/95 Retrieval from the web)
    • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures (G Physics > G06 Computing; calculating or counting > G06F Electric digital data processing > G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F 21/60 Protecting data)

Abstract

The invention discloses a Web application system and method for providing end-to-end integrity protection. The system comprises a user client, a system client and a server. The user client provides the user with login and data query services through the system client; the system client authenticates the user by verifying the user's key; the server combines static code and data into a dynamic web page, and the browser of the user client checks whether the web page code has been tampered with by an attacker on the server. In this system, the user's browser verifies the integrity of the web page by verifying the results of the database queries used to populate the page content. The evaluation results show that the system supports practical applications with moderate overhead, and that it narrows the gap between research on protecting the integrity of database systems and the most common use case of database systems, Web applications.

Description

Web application system and method for providing end-to-end integrity protection
Technical Field
The invention belongs to the technical field of computers and relates to a Web application system and method, in particular to a low-overhead, efficient Web application system and method that provide end-to-end integrity protection.
Background
Web applications store a wide range of data, including sensitive personal, medical and financial information as well as system control and operational data, and users and companies rely on these applications to keep their data intact and to answer queries correctly. Unfortunately, Web application servers are frequently compromised, allowing attackers to tamper with the data or computed results displayed on a Web page and thereby violate their integrity.
The integrity of Web page content is particularly important in applications where the displayed data influences decisions. Medical platforms are a clear example: patient diagnostic data is stored on a Web server and accessed remotely by a physician, and modification of such data can lead to misdiagnosis, incorrect treatment and even death. A recent study estimates that, of the millions of people diagnosed incorrectly each year, half suffer serious harmful consequences as a result. Another study estimated that 4 million people die each year from cardiac misdiagnosis, and some of the major causes of misdiagnosis are patients failing to provide an accurate medical history and physicians misinterpreting test results. If the Web application holding a patient's true test results is corrupted, any processing of those results relies on incorrect data, with serious consequences.
Beyond medical safety, Web page integrity also underpins other basic security properties (e.g., confidentiality against active attackers), for instance when access control is defined by integrity-protecting the data structures that hold the policy.
A secure Web server protects the end-to-end integrity of applications. Many Web applications involve multiple users and typically implement access control policies (e.g., a particular patient's data may only be modified by his physician). In addition, the Web server ensures that client data requests and queries execute correctly on complete and up-to-date (i.e., fresh) data. However, an attacker who compromises the Web server may violate some or all of these properties.
Disclosure of Invention
To solve the above problems, the present invention provides a Web application system and method that have low overhead and efficiently provide end-to-end integrity.
The technical scheme adopted by the system of the invention is as follows: a Web application system providing end-to-end integrity protection, characterized in that the system comprises a user client, a system client and a server;
the user client provides the user with login and data query services through the system client;
the system client performs user identity authentication by verifying the user's key;
the server is the main server and combines static code and data into a dynamic web page; the browser of the user client checks whether the web page code has been tampered with by an attacker on the server, and freshness of the information the user receives is ensured by introducing, as a supplement, a hash server independent of the main server.
The technical scheme adopted by the method of the invention is as follows: a method of providing end-to-end integrity protection for a Web application, comprising the following steps:
Step 1: specifying an integrity policy, and checking at the user client whether the web page received from the system client satisfies the integrity policy;
the integrity policy comprises trusted contexts, integrity query prototypes, cross-trusted-context queries, trusted contexts derived from user input, and the integrity guarantee. The trusted context is the unit of write access control in the system of the invention; a trusted context is identified by a unique name and consists of a group of users called its members. An integrity query prototype (IQP) is a query pattern specifying that a particular set of read operations runs in a particular trusted context. The guarantee the system gives developers is stated informally: if the system does not detect corrupted data, the result of a read operation (lookup or aggregation) corresponding to an IQP with trusted context TC reflects the correct computation over the latest data (under linearizable semantics).
Step 2: constructing an integrity protection model by using the authentication data structure as a basis;
the integrity protection model comprises an authentication data structure (ADS) forest, an integrity chain mechanism, an integrity query prototype analyzer and trusted context member operations. The system of the invention uses the ADS as its basic integrity protection building block, and then creates and maintains an ADS forest based on the IQPs declared by developers and the write operations issued throughout the application life cycle.
The IQP analyzer performs an integrity check on each database query sent by a client: it checks whether the user may run the query, based on the defined IQPs and the trusted contexts to which the user belongs. For each read operation, the system client ensures that the query matches the invoked IQP handle. The system internally maintains a set storing the trusted context access control lists and protects it by declaring the appropriate IQP.
Step 3: the main server checks whether the user client is authorized. If the server misbehaves and allows an unauthorized modification, the trusted system client will later detect this misbehaviour by checking whether the PK recorded for the modification was allowed to perform it; PK is the hashed public key of the user who last modified the entry.
Compared with the prior art, the advantages and positive effects of the Web application system of the invention are mainly reflected in the following aspects:
1. The Web application system realized by the invention is the first system platform providing end-to-end integrity protection for the data and query results in a web page. Many traditional Web applications implement an access control policy for multiple users, and the Web server ensures that client data requests and queries are served from complete and up-to-date data, but an attacker on the Web server can violate some or all of these properties. The present system checks the integrity of the code, data and query results in web pages by ensuring that these results are complete, correct and up-to-date.
2. The Web application system realized by the invention guarantees the integrity of a page by verifying the database query results used to fill the page content. Such results could in principle be verified with today's general-purpose verifiable computation tools, but those are very inefficient. Instead, the system realized by the invention takes the ADS as its basis and combines it with other related techniques to solve the problem of inefficient data verification in end-to-end integrity protection.
3. The Web application system realized by the invention can verify query results in a multi-user setting: built on the ADS, the system maintains an ADS forest by automatically mapping trusted contexts to ADSs, the integrity of a query spanning multiple trusted contexts is ensured by an integrity chain, and the system logically nests one tree inside other trees. Currently, the system implements ADSs that can verify range and equality queries and aggregates such as sums, counts and averages. In addition, in traditional schemes, if server trustworthiness and client connectivity are not strictly protected, the server can mount a fork attack; the solution adopted by the invention is to use a small trusted server as a supplement, namely a hash server that does not collude with the main server.
Drawings
FIG. 1 is an overview of the system in an embodiment of the invention;
FIG. 2 illustrates the integrity chain mechanism of the integrity protection mechanism in an embodiment of the present invention.
Detailed Description
In order to facilitate the understanding and implementation of the present invention for those of ordinary skill in the art, the present invention is further described in detail with reference to the accompanying drawings and examples, it is to be understood that the embodiments described herein are merely illustrative and explanatory of the present invention and are not restrictive thereof.
The invention considers a typical Web application scenario in which a client accesses a Web server through a Web browser. The client may be a browser operated by a human user, or any device capable of communicating with a Web server over a network. The main server (sometimes simply called the server) is a typical Web server consisting of a Web application front end and a database server.
Referring to FIG. 1, the present invention provides a Web application system for providing end-to-end integrity protection, which comprises a user client, a system client and a server;
the user client provides the user with login and data query services through the system client;
the system client performs user authentication by verifying the user's key;
the server combines static code and data into a dynamic web page; the browser of the user client checks whether the web page code has been tampered with by an attacker on the server, and freshness of the information the user receives is ensured by introducing, as a supplement, a hash server independent of the main server.
The system can ensure that an attacker cannot gain access to the web page and the database server. In the present system, a user's client browser determines the integrity of a web page by verifying the results of the queries over the database stored on the server. The system relies on a small trusted computing base to provide strong integrity, namely freshness, completeness and correctness, for a set of general database queries. In a multi-user setting with differing write permissions, the system allows a developer to specify an integrity policy in terms of trusted contexts and the query results they govern, and then enforces that policy efficiently.
In its basic setting the system is a client-side Web platform, which is easy to extend and develop and also has certain security advantages. At the client, a web page consists of two parts: application code written by a developer on top of the system framework, and the system client. When a user logs in, the system client performs authentication to verify the user's key. At the server side, static code and data are combined into a dynamic web page (with personalized content) for the client. By checking the client's browser, it is confirmed that the web page code (e.g., HTML, JavaScript and CSS) has not been tampered with by an attacker on the server. As in other multi-user systems that provide cryptographic assurance, the standard requirement is an identity provider (IDP), i.e., an entity that certifies each user's public key. Without such an IDP, an attacker on the server may give a user an incorrect public key: for example, if user A wants to grant access to user B, user A requests user B's public key from the server, which returns the attacker's public key instead, so that the attacker gains access. The IDP's involvement is minimized: it acts only when a user creates an account, at which point it signs the pair (username, public key) for that user.
The invention also provides a Web application method for providing end-to-end integrity protection, comprising the following steps:
Step 1: specifying an integrity policy, and checking at the user client whether the web page received from the system client satisfies the integrity policy;
the integrity policy comprises a trusted context TC, integrity query prototypes, cross-trusted-context queries, derivation of trusted contexts from user input, and the integrity guarantee.
In the present system, the developer specifies an integrity policy and the user's browser checks whether the Web page received from the Web server satisfies the policy. The trusted context TC is the unit of write access control in the present system; a trusted context is identified by a unique name and consists of a group of users called its members, which in this embodiment is also called the trusted context member list or access control list (ACL). Only members of a trusted context may influence the results of its queries. The user who creates a trusted context is its owner and may add members to, or remove them from, the trusted context ACL.
In the system, a developer specifies the required integrity policy through a set of integrity query prototypes (IQPs), each with associated trusted contexts. An IQP is a query pattern specifying that a particular set of read operations runs in a particular trusted context; only members of that context may affect the results of these queries. The integrity specification is therefore attached to read operations rather than to data. In addition, the IQPs tell the system what computations will run over the data, so that the system can prepare the data structures needed to verify those computations. Once the developer has declared the IQPs that reflect the application's integrity specification, lookup and aggregation can be invoked on the corresponding IQP handles.
Cross-trusted-context queries: in systems other than the present invention, a developer simply runs a read operation to obtain all the entries requested by a query, but if the server is compromised the returned list may be incomplete. The system of the invention does not suffer from this and guarantees the integrity of the query data.
When a cross-trusted-context query is performed in the system, the integrity of the query data is guaranteed: if the system detects corruption, the query is invalidated; if no corruption is detected, the query within each trusted context is fixed so that it cannot be modified, which ensures that the result each client obtains is fresh and that data integrity holds. When a developer runs a read operation to obtain all the entries requested by the query, a compromised server may otherwise return an incomplete list.
Trusted contexts derived from user input: in some applications, the trusted context in which a query runs is derived from user input. This requires special attention from developers and users, since it arises in applications where anyone can create data units and grant write rights to others. In this case the developer must show the user an explicit trusted context name: the developer chooses a human-readable name for the trusted context and then displays it prominently to the user. Our hash server prevents two trusted contexts from having the same name, and this protection can be extended to prevent two trusted contexts from having similar names.
The integrity guarantee the system gives developers is informal: if the system does not detect corruption, the result of a read operation (lookup or aggregation) corresponding to an IQP with trusted context TC reflects the correct computation over complete and up-to-date data (under linearizable semantics), as long as all user clients running on behalf of the members of TC (or of all relevant trusted contexts in the case of an integrity chain) follow the system protocol. In particular, the query results cannot be altered by the malicious server or by any user outside the relevant trusted contexts, and the data items a user client receives are up-to-date, i.e., they reflect the most recent committed writes under linearizable semantics. In particular, the server cannot mount a fork attack, because every user client can obtain the latest committed writes of any protected data at any time. The guarantee to the user is that the web page contains (1) the original developer's code and (2) correct and up-to-date information (data or query computations) produced by authorized users. The present system does not guarantee server availability.
Step 2: constructing an integrity protection model by using the authentication data structure as a basis;
the integrity protection model comprises an authentication data structure (ADS) forest, an integrity chain mechanism, an integrity query prototype analyzer and trusted context member operations. The system of the invention uses the ADS as its basic integrity protection building block, and then creates and maintains an ADS forest based on the IQPs declared by developers and the write operations issued throughout the application life cycle. The IQP analyzer checks whether a user may run a query, based on the defined IQPs and the trusted contexts to which the user belongs. For each read operation, the system client ensures that the query matches the invoked IQP handle. The system internally maintains a set storing the trusted context access control lists and protects it by declaring the appropriate IQP.
In the system, the integrity protection mechanism is realized by enforcing the integrity policy. The system uses an authentication data structure (ADS) as its underlying integrity protection building block; the ADS used in this embodiment is a search tree sorted by the equality/range field and combined with a Merkle hash. Based on the IQPs declared by the developer and the write operations issued throughout the application life cycle, the system creates and maintains a forest of ADSs: for each IQP, one ADS is created per trusted context in the system. The ADS forest is stored on the main server, and an ADS tree can be logically nested inside other trees. As shown in FIG. 2, the integrity chain mechanism logically nests one ADS inside another. In this example, a trusted entity (such as the management of a medical application) manages patient groups using a predefined trusted context (named "admins") owned by a system administrator. One protected field stores the trusted context name of each group; this field serves as a reference for identifying all the correct trusted contexts corresponding to the patient groups, which in turn protect the patient data. Thus, for a query that reads patient profile data from all (unspecified) groups, this embodiment can use the "admins" trusted context as the root from which integrity is established.
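As an added illustration (not code from the patent), the following Python sketch shows how a client verifies a range query against a Merkle-authenticated sorted structure of the kind described above: the answer carries the two out-of-range boundary leaves with Merkle proofs, so a dropped or altered record is detected against the root the client obtains from the hash server. The binary tree, sentinel keys, records and hash construction are assumptions of the example; the patent's actual ADS is a search tree sorted by the range field.

```python
import hashlib
from typing import List, Optional, Tuple

# Constructed example: sorted leaves under a binary Merkle tree, standing in for
# the patent's search-tree ADS; sentinel keys at -inf/+inf bound every range query.
EMPTY = hashlib.sha256(b"empty-slot").digest()


def H(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 so that different splits of the same bytes differ."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def leaf_hash(key, value: str) -> bytes:
    return H(b"leaf", str(key).encode(), value.encode())


def node_hash(left: bytes, right: bytes) -> bytes:
    return H(b"node", left, right)


class MerkleRangeADS:
    """Server-side ADS: leaves sorted by the eq/range field, Merkle tree on top.
    The root is what the main server publishes to the hash server."""

    def __init__(self, records: List[Tuple[int, str]]):
        self.leaves = sorted(records + [(float("-inf"), ""), (float("inf"), "")])
        self.levels = [[leaf_hash(k, v) for k, v in self.leaves]]
        while len(self.levels[-1]) > 1:
            cur = self.levels[-1]
            self.levels.append([
                node_hash(cur[i], cur[i + 1] if i + 1 < len(cur) else EMPTY)
                for i in range(0, len(cur), 2)])

    @property
    def root(self) -> bytes:
        return self.levels[-1][0]

    def proof(self, idx: int) -> List[bytes]:
        """Sibling hashes from leaf to root (EMPTY where a level has no sibling)."""
        path, i = [], idx
        for level in self.levels[:-1]:
            sib = i ^ 1
            path.append(level[sib] if sib < len(level) else EMPTY)
            i //= 2
        return path

    def range_query(self, lo, hi):
        """Answer lo <= key <= hi, returning the two out-of-range boundary leaves
        as well, each as (index, key, value, proof)."""
        first = max(i for i, (k, _) in enumerate(self.leaves) if k < lo)
        last = min(i for i, (k, _) in enumerate(self.leaves) if k > hi)
        return [(i, *self.leaves[i], self.proof(i)) for i in range(first, last + 1)]


def verify_leaf(root: bytes, idx: int, key, value: str, path: List[bytes]) -> bool:
    """Recompute the root from one leaf; the index fixes left/right at each level."""
    h, i = leaf_hash(key, value), idx
    for sib in path:
        h = node_hash(sib, h) if i & 1 else node_hash(h, sib)
        i //= 2
    return h == root


def verify_range(root: bytes, lo, hi, response) -> Optional[List[Tuple[int, str]]]:
    """Client-side check against the root fetched from the hash server:
    every leaf authenticates, indices are contiguous, keys strictly increase,
    and the first/last leaves lie outside [lo, hi]. Returns the in-range
    records, or None when the answer was altered or is incomplete."""
    if len(response) < 2:
        return None
    for n, (idx, key, value, path) in enumerate(response):
        if not verify_leaf(root, idx, key, value, path):
            return None  # value or key altered, or leaf not in the committed tree
        if n and (idx != response[n - 1][0] + 1 or key <= response[n - 1][1]):
            return None  # a gap in the indices means a record was dropped
    if not (response[0][1] < lo and response[-1][1] > hi):
        return None  # the boundaries must bracket the queried range
    return [(k, v) for _, k, v, _ in response[1:-1]]


if __name__ == "__main__":
    ads = MerkleRangeADS([(3, "c"), (1, "a"), (7, "g"), (5, "e"), (9, "i")])
    resp = ads.range_query(3, 7)
    print(verify_range(ads.root, 3, 7, resp))                 # [(3, 'c'), (5, 'e'), (7, 'g')]
    print(verify_range(ads.root, 3, 7, resp[:2] + resp[3:]))  # None: record 5 was dropped
```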
The system uses the hash server to ensure that the user receives the latest information. When issuing a query, the system client adds a freshly generated random number (nonce) to the query so that it is included in the hash server's signed response. From the query, the server derives a set of hash server requests whose results will help verify the correctness of the query result. The server submits the query and these requests to the hash server; the hash server executes the requests atomically, responds to them together with the user client's nonce, and returns a signed response to the server. The server then computes the query result from its own state and uses the hash server's signed response to prove the correctness of the query result to the client. The server usually has to attach some additional user client information, and the nonce (generated by the system client) that appears in the values signed by the hash server prevents the server from replaying old hash server responses and feeding stale data to the user client.
For each query, if the server is honest, the Web application system checks the application's ordinary read/write access control (written by the developer) and rejects the query if the issuing client is not authorized to execute it. If the server is malicious this step is skipped, and the Web application instead enforces the write access control specified by the IQPs, which achieves integrity-based access control.
Step 3: the main server checks whether the user client is authorized. If the server misbehaves and allows an unauthorized modification, the trusted system client will later detect this misbehaviour by checking whether the PK recorded for the modification was allowed to perform it; PK is the hashed public key of the user who last modified the entry.
The present system uses the hash server to store the latest root hash of every ADS in the application and information about which user made the latest update. The hash server is simple, similar to a key-value store: it provides the system client with signed information, which system clients use to verify that the data they read is up-to-date and complete. The hash server stores a map whose key is an ID and whose value is an entry E = (hash h, version v, public key PK, flag fixedPK). The version v supports serializing concurrent operations on each entry. Based on the value of fixedPK, this embodiment distinguishes two types of entries:
1. Trusted context ACL entries. This type of entry stores the root hash h of the ADS protecting the membership list (ACL) of a trusted context. The ID of such an entry is uniquely derived from the corresponding trusted context. The version v is the number of modifications made so far. The public key PK belongs to the user who created the trusted context, i.e., its owner, and fixedPK is true, indicating that only the creator of the entry may modify it. This reflects the fact that only the owner of a trusted context may manipulate its ACL.
2. ADS entries. This type of entry stores the root hash h of an ADS protecting application data associated with certain trusted contexts. The ID of such an entry is uniquely derived from the corresponding IQP and trusted context. The version v is the number of modifications made to the entry so far, and PK is the public key of the user who last modified the entry's hash. fixedPK is false, indicating that anyone may modify this entry; the hash server does not check whether the client modifying it is allowed to do so.
Instead, since all hash server requests pass through the main server, the main server must check whether the client is authorized. If the server misbehaves and allows an unauthorized modification, the trusted system client will later detect this by checking whether the PK recorded for the new modification was allowed to make it.
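The hash server entry E = (h, v, PK, fixedPK), the nonce-bound signed lookup and the client-side authorization check described in the preceding paragraphs, as an added Python example (not the patent's code). HMAC-SHA256 with a key the client also holds stands in for the hash server's signature, user public keys are plain labels, and the trusted-context ACL is assumed to be known to the client; the main server, entry IDs and scenario are constructed.

```python
import hashlib
import hmac
import json
import os
from dataclasses import dataclass, asdict
from typing import Dict, Set, Tuple

@dataclass
class Entry:
    h: str           # root hash of the ADS this entry protects
    v: int           # version: number of modifications so far
    pk: str          # hashed public key of the last modifier
    fixed_pk: bool   # True: only pk (the owner) may modify; False: anyone may

def sign(key: bytes, payload: dict) -> str:
    # Constructed stand-in for the hash server's signature (the client holds the key too)
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class HashServer:
    """Small trusted key-value service: serialises writes by version, enforces
    only fixedPK, and signs every lookup together with the client's nonce."""
    def __init__(self, key: bytes):
        self._key, self._store = key, {}

    def update(self, entry_id: str, new_h: str, expected_v: int, pk: str,
               fixed_pk: bool = False) -> bool:
        cur = self._store.get(entry_id)
        if cur is None:
            self._store[entry_id] = Entry(new_h, 1, pk, fixed_pk)
            return True
        if cur.v != expected_v or (cur.fixed_pk and pk != cur.pk):
            return False  # stale version, or a non-owner touching an ACL entry
        self._store[entry_id] = Entry(new_h, cur.v + 1, pk, cur.fixed_pk)
        return True

    def lookup(self, entry_id: str, nonce: str) -> Tuple[dict, str]:
        e = self._store.get(entry_id)
        payload = {"id": entry_id, "nonce": nonce, "entry": asdict(e) if e else None}
        return payload, sign(self._key, payload)

class MainServer:
    """All hash-server traffic passes through here. An honest server checks the
    trusted-context ACL before forwarding a write; a compromised one forwards
    anything and may replay an old signed response."""
    def __init__(self, hs: HashServer, acls: Dict[str, Set[str]], honest: bool = True):
        self.hs, self.acls, self.honest, self._seen = hs, acls, honest, {}

    def write(self, tc: str, entry_id: str, new_h: str, expected_v: int, pk: str) -> bool:
        if self.honest and pk not in self.acls[tc]:
            return False
        return self.hs.update(entry_id, new_h, expected_v, pk)

    def read(self, entry_id: str, nonce: str, replay: bool = False) -> Tuple[dict, str]:
        if replay and entry_id in self._seen:
            return self._seen[entry_id]  # old response: its nonce will not match
        self._seen[entry_id] = self.hs.lookup(entry_id, nonce)
        return self._seen[entry_id]

class SystemClient:
    """Client-side check of a signed response: signature, nonce, no version
    rollback, and the last modifier must be a member of the trusted context."""
    def __init__(self, key: bytes, acls: Dict[str, Set[str]]):
        self._key, self.acls, self.last_v = key, acls, {}

    def verify(self, tc: str, entry_id: str, nonce: str, payload: dict, sig: str) -> Tuple[bool, str]:
        if not hmac.compare_digest(sig, sign(self._key, payload)):
            return False, "bad signature"
        if payload["id"] != entry_id or payload["nonce"] != nonce:
            return False, "replayed response"
        e = payload["entry"]
        if e is None:
            return False, "missing entry"
        if e["v"] < self.last_v.get(entry_id, 0):
            return False, "version rollback"
        if e["pk"] not in self.acls[tc]:
            return False, "unauthorised modifier"  # the main server skipped its check
        self.last_v[entry_id] = e["v"]
        return True, "ok"

def demo() -> Dict[str, object]:
    # Constructed scenario: an honest update, then a compromised main server that
    # forwards an unauthorised write and replays a stale signed response.
    key = os.urandom(32)                          # constructed hash-server key
    tc, eid = "patients:group1", "iqp:patients/patients:group1"
    acls = {tc: {"pk_doctor"}}                    # constructed trusted-context ACL
    hs, client, out = HashServer(key), SystemClient(key, acls), {}
    honest = MainServer(hs, acls)
    honest.write(tc, eid, "root-v1", 0, "pk_doctor")
    n1 = os.urandom(8).hex()
    out["honest"] = client.verify(tc, eid, n1, *honest.read(eid, n1))
    bad = MainServer(hs, acls, honest=False)
    bad.write(tc, eid, "root-v2", 1, "pk_attacker")     # the hash server accepts it
    n2 = os.urandom(8).hex()
    out["unauthorised"] = client.verify(tc, eid, n2, *bad.read(eid, n2))
    n3 = os.urandom(8).hex()
    out["replay"] = client.verify(tc, eid, n3, *bad.read(eid, n3, replay=True))
    hs.update("acl/" + tc, "acl-v1", 0, "pk_owner", fixed_pk=True)
    out["acl_non_owner_write"] = hs.update("acl/" + tc, "acl-v2", 1, "pk_attacker")
    return out
```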
The system platform realized by the invention is the first Web application platform that provides end-to-end integrity guarantees for the data and query results in a web page and protects against an attacker who damages the Web server. In the system, the user's browser verifies the integrity of the web page by verifying the results of the database queries used to populate the page content. Our evaluation results show that the system supports practical applications with moderate overhead, and that it narrows the gap between research on protecting the integrity of database systems and the most common use case of database systems, Web applications.
In the system, the integrity policy is specified by the application developer, and the user's browser checks whether the Web page received from the Web server satisfies the policy; when the server is compromised by an attacker, the system checks the integrity of the code, data and query results in the Web page by ensuring that the results are complete, correct and up-to-date. Efficiently verifying query results in a network setting is challenging. This embodiment therefore introduces the concepts of trusted contexts (TC) for queries and integrity query prototypes (IQPs). A trusted context is a group of users allowed to influence certain query results, e.g., by inserting, modifying or deleting the data used by those queries. An IQP is a declared query pattern associated with one or more trusted contexts, with each query running in a specified trusted context.
In addition, query results are verified in a multi-user setting: the system is built on an authentication data structure (ADS) and maintains an ADS forest by automatically mapping trusted contexts to ADSs. The integrity of a query spanning multiple trusted contexts is ensured as specified by the integrity chain, with the system logically nesting one tree inside other trees. Currently, the system implements ADSs that can validate range and equality queries and aggregates such as sums, counts and averages. By replacing the underlying ADS, the system can be extended to support a broader class of queries.
Finally, in multi-user Web settings where server trustworthiness and client connectivity cannot be relied on, fork attacks cannot be prevented and data freshness cannot be guaranteed without some trusted server-side component, so the system uses one in order to provide the latest data. The system relies on a small trusted base: a hash server of fewer than 650 lines of code. The integrity of the system is preserved as long as the hash server does not collude with the main server. The hash server stores a small amount of information (mainly hash values and version numbers), on the basis of which the system efficiently protects the whole database, so that data freshness is guaranteed. In addition, the hash server solves the problems that Web clients are stateless and not always online.
The invention can ensure that attackers cannot gain access to the web page and the database server. In the present system, a client browser determines the integrity of a web page by verifying the results of queries over the data stored on the server. In a multi-user setting with differing write permissions, the present system allows a developer to specify an integrity policy in terms of trusted contexts and the query results they govern, and then enforces the policy efficiently.
It should be understood that parts of the specification not set forth in detail are prior art; the above description of the preferred embodiments is intended to be illustrative, and not to be construed as limiting the scope of the invention, which is defined by the appended claims, and all changes and modifications that fall within the metes and bounds of the claims, or equivalences of such metes and bounds are therefore intended to be embraced by the appended claims.

Claims (8)

1. A Web application method for providing end-to-end integrity protection, using a Web application system for providing end-to-end integrity protection;
the method is characterized in that:
the system comprises a user client, a system client and a server;
the user client is used to provide the user with login and with queries of system client data;
the system client is used to perform user identity authentication, authenticating the user's key;
the server combines static code and data into a dynamic web page; the browser of the user client checks whether the web page code has been tampered with by an attacker on the server, and a hash server independent of the main server is introduced as a supplement to ensure that the user receives the latest information;
the method comprises the following steps:
step 1: specifying an integrity policy, the user client checking whether a web page received from the system client satisfies the integrity policy;
the integrity policy comprises a trusted context TC, an integrity query prototype IQP, cross-trusted-context queries, derivation of a trusted context from user input, and an integrity guarantee;
step 2: constructing an integrity protection model on the basis of the authentication data structure;
the integrity protection model comprises an authentication data structure ADS forest, an integrity link mechanism, an integrity query prototype analyzer and trusted context member operations;
the system uses the authentication data structure ADS as its basic integrity protection building block, and creates and maintains the ADS forest from the IQPs declared by the developer and the write operations issued over the whole application life cycle;
the IQP analyzer performs integrity checks on database queries sent by a client, checking whether the user may run a query based on the defined IQPs and the trusted context to which the user belongs; for each read operation, the system client ensures that the query matches the invoked IQP handle; the system internally maintains a set storing the trusted context access control lists and protects it by declaring an appropriate IQP;
step 3: the main server checks whether the user client is authorized; if the server misbehaves and allows an unauthorized modification, the trusted system client later detects this misbehaviour by checking whether the PK of the latest modification was allowed to perform it, PK being the hashed public key of the last modified entry.
2. The method for providing a Web application with end-to-end integrity protection according to claim 1, wherein: the trusted context TC consists of member users identified by unique names; this group of users is also called the trusted context member list or access control list ACL; only members of the trusted context may influence the result of the query; the user who creates the trusted context is its owner and can add or remove other members from the trusted context ACL.
3. The method for providing a Web application with end-to-end integrity protection according to claim 1, wherein: the integrity query prototype IQP is a query pattern in which a specific set of read operations is specified to run in a specific trusted context, and only members of that trusted context may influence the results of the queries; thus the integrity specification is associated with read operations rather than with data; the integrity query prototype IQP tells the system which computations will be run on the data, so that the system can prepare the data structures needed to verify such computations; once the necessary integrity query prototypes IQP reflecting the application's integrity specification are specified, "lookup" and "aggregation" can be performed by calling the corresponding integrity query prototype IQP handler.
4. The method for providing a Web application with end-to-end integrity protection according to claim 1, wherein: the cross-trusted-context query in step 1 is used to ensure the integrity of query data; if the system detects tampering, the query is invalid; if the system detects no tampering, the query in each trusted context is placed in a state that cannot be modified, so that the result obtained by each client is guaranteed to be the latest and the integrity of the data is ensured; when a developer runs a read operation to obtain all requested entries, the returned list may be incomplete if the server is compromised.
5. The method for providing a Web application with end-to-end integrity protection according to claim 1, wherein: the derivation of the trusted context from user input in step 1 is performed by the hash server to prevent two trusted contexts from having the same name, and by an extended protection to prevent two trusted contexts from having syntactically similar names.
6. The method for providing a Web application with end-to-end integrity protection according to claim 1, wherein: the integrity guarantee is that, if the system detects no tampering, the result of a read operation corresponding to an integrity query prototype IQP with trusted context TC reflects the correct computation over complete and up-to-date data, provided that all user clients acting on behalf of the TC members, or of all related trusted contexts in the case of a complete chain, follow the system protocol; the query results cannot be changed by a malicious server or by any user outside the relevant trusted context, so the data obtained by a user client is "up-to-date", i.e. after an update it reflects the most recently committed write under linearizable semantics; the server cannot perform a fork attack because every user client can obtain the latest committed write of any protected data at any time.
7. The method for providing a Web application with end-to-end integrity protection according to claim 1, wherein: in step 2, the hash server stores the latest root hash value of each authentication data structure ADS in the system application together with the latest update information of each user; the hash server provides this information to the system client with an authenticating signature, and the system client uses the hash server to verify that the data read is the latest and complete.
8. The method for providing a Web application with end-to-end integrity protection according to claim 7, wherein: the hash server is used to ensure that the user receives the latest information; when a query is issued, the system client adds a generated random number to the query so that it is included in the hash server's signed response; from the query, the server derives a set of hash server requests; the server submits the query and these requests to the hash server, which executes the requests atomically, then responds to the requests and to the user client's random number and provides a signed response to the server; the server computes the query result from its own state and proves its correctness to the user client using the hash server's signed response; the server generally needs to attach some additional user client information so that the random number appears in the hash value provided by the hash server, and the random number generated by the system client prevents the server from replaying an earlier hash server response and serving incorrect data to the user client;
for each query, if the server is honest, the Web application system then performs the application's regular read-write access control check and rejects the query if the issuing user client is not authorized to execute it; if the server is malicious, this step is skipped and the Web application system enforces the write access control specified by the integrity query prototype analyzer IQP, achieving the effect of integrity access control.
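The hash-server attestation of claims 7 and 8 and the ADS-based result verification from the description above, as an added example that is not the patent's own code: a Merkle tree stands in for the ADS, the hash server keeps only the latest root hash and a version number, and the client's nonce is bound into the attestation so that an altered row or a replayed attestation is rejected. HMAC under a key shared with the client stands in for the hash server's signature, and every name here (`HashServer`, `client_verify`, the `balances` table and its rows) is an assumption, not something the patent specifies.

```python
import hashlib, hmac, secrets

def h(b): return hashlib.sha256(b).digest()
def merkle_proof(leaves, index):
    """Return (sibling path for leaves[index], root); an odd level duplicates its last node."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        if len(level) % 2: level.append(level[-1])
        proof.append(level[index ^ 1])
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return proof, level[0]

def verify_proof(leaf, index, proof, root):
    node = leaf
    for sib in proof:                      # recompute the path and compare with the attested root
        node = h(node + sib) if index % 2 == 0 else h(sib + node)
        index //= 2
    return node == root

def tag(key, ads, root, version, nonce):   # HMAC stands in for the hash server's signature (assumption)
    return hmac.new(key, ads.encode() + root + version.to_bytes(8, "big") + nonce, "sha256").digest()

class HashServer:
    """Small trusted server: keeps only the latest (root hash, version) per ADS and attests to it."""
    def __init__(self, key): self.key, self.state = key, {}
    def publish(self, ads, root):          # main server pushes a new root after each write; version bumps
        self.state[ads] = (root, self.state.get(ads, (None, 0))[1] + 1)
    def attest(self, ads, nonce):          # atomic read of current state, bound to the client's nonce
        root, ver = self.state[ads]
        return {"root": root, "version": ver, "nonce": nonce, "tag": tag(self.key, ads, root, ver, nonce)}

def client_verify(key, ads, nonce, att, record, index, proof):
    """System client: our nonce (fresh), valid tag (authentic), ADS proof ties the record to that root."""
    expected = tag(key, ads, att["root"], att["version"], att["nonce"])
    if att["nonce"] != nonce or not hmac.compare_digest(att["tag"], expected):
        return False
    return verify_proof(h(record), index, proof, att["root"])

def demo():
    key = secrets.token_bytes(32)                                # constructed key shared with the hash server
    records = [b"alice:100", b"bob:250", b"carol:75"]            # constructed table rows
    proof, root = merkle_proof([h(r) for r in records], 1)       # main server: row 1 plus its ADS proof
    hs = HashServer(key)
    hs.publish("balances", root)
    nonce = secrets.token_bytes(16)                              # client nonce carried into the attestation
    att = hs.attest("balances", nonce)
    return (client_verify(key, "balances", nonce, att, records[1], 1, proof),                       # honest
            client_verify(key, "balances", nonce, att, b"bob:999", 1, proof),                       # altered row
            client_verify(key, "balances", secrets.token_bytes(16), att, records[1], 1, proof))     # stale attestation
```

`demo()` returns `(True, False, False)`: the honest answer verifies, the altered row fails the ADS proof, and an attestation that does not carry the client's current nonce is rejected as a replay.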
CN201910933678.8A 2019-09-29 2019-09-29 Web application system and method for providing end-to-end integrity protection Active CN110795661B (en)

Publications (2)

Publication Number Publication Date
CN110795661A CN110795661A (en) 2020-02-14
CN110795661B true CN110795661B (en) 2023-03-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant