
Detective Browsers: A Software Technique to Improve Web Access Performance and Security

Detective Browsers: A Software Technique to Improve Web Access Performance and Security. Songqing Chen * and Xiaodong Zhang *^ * College of William and Mary ^ National Science Foundation. Proxy Services. Proxy is designed for buffering static contents (and/or building a firewall).


Presentation Transcript


  1. Detective Browsers: A Software Technique to Improve Web Access Performance and Security. Songqing Chen* and Xiaodong Zhang*^ (*College of William and Mary, ^National Science Foundation). HPCS Lab, William and Mary. WCW 2002, Boulder, Colorado, 8/15/2002

  2. Proxy Services • Proxy is designed for buffering static contents (and/or building a firewall). • Dynamic contents are not cached but unnecessarily make connections to servers and temporarily store documents. • Up to more than 40% dynamic Web contents. • Secured transactions are not cached but unnecessarily tunneled through.

  3. Proxy Overhead for Dynamic Content [Figure: numbered steps 1 to 11 of a request for http://www.../cgi-bin/a travelling between Client, Client Side Proxy, Internet and Server; step labels: parsing, missing, forwarding, receiving & delivering, store/delete]

  4. Proxy Overhead [Figure: request for http://www.example/cgi-bin/a passing through the Proxy; labelled steps: Parsing, Fetching/failing, Forwarding, Executing, Receiving & delivering, Storing/deleting]

  5. Proxy Overhead for Secured Transactions

  6. Proxy Overhead [Figure: request for https://USAcreditcard.com passing through the Proxy; labelled steps: Parsing, Forwarding, Executing, Receiving/Forwarding]

  7. Questions • How large is the proxy overhead for processing dynamic and secured transactions? • What are the performance effects and security concerns? • What are alternatives to eliminate the overhead and other concerns?

  8. Outline • Examination of the proxy structure • Technical difficulties in the proxy • Proxy overheads • Detective browser • Implementation and performance • Conclusion

  9. Basic Functions of Proxy [Flowchart] Receive a client request → Content available? • Content not available: send a request to server and receive the content. • Content available and valid: deliver it. • Content available but not valid: send IMS to server; either receive a confirmed message or a new content. • Deliver the content to the client.

  10. Processing Dynamic Contents in Proxy • Upon a client request, the proxy checks if the content is available and valid. • This is a miss: the proxy forwards the request to the server and gets the content. • It stores the content, but later finds it is non-cacheable and puts it in the LRU list for replacement.

  11. Eliminating the Overhead • Proxy asks server to deliver directly: the client must have multiple ports. • Proxy asks client to contact the server directly: processing request and declination. • Proxy does not cache the content: processing overhead remains.

  12. Processing Secured Transactions in Proxy • SSL provides encrypted data transmission. • Upon receiving an SSL session request, the proxy starts to "tunnel" (or "connect"). • Buffer the request in proxy, and then send it to the server. • Upon receiving reply from server, send it to the client.

  13. Potential Security Concerns in Proxy • Bogus transactions: a proxy can be used to relay bogus transactions. • Ircache proxy was used as an anonymizer to make fraudulent credit card purchases. Ircache was blamed for this! • Ircache group has denied all SSL requests.

  14. Quantifying Proxy Overhead [Figure: measurement setup with two Clients, a Proxy and a Server]

  15. Measurement Environment • The client is text-based, excluding displays and other functions on Pentium 3 (1 GHz) • Squid proxy (2.3-STABLE4) on Pentium 3. • 10 popular sites with diverse locations and service natures (.com, .org, .edu, and .gov) • Client sends requests every hour, 24 times a day. • Repeated measurements 100 times in each site.

  16. Measurement Results • Proxy overhead is independent of static or dynamic contents. • Average overhead is 20% of the access time. • The overhead is reduced little by using a faster proxy host machine (Pentium 4, 1.7 GHz). • We believe our measurements also reflect the tunneling overhead.

  17. Detective Browser • A browser with detective functions: • upon a request, the browser checks if it is for a dynamic content or secured transactions. • If so, the browser will bypass the proxy, and directly connect to the server. • Otherwise, the request is treated routinely.

  18. Bypassing the Proxy (dynamic) [Figure: request for http://www.example/cgi-bin/a; labelled step: Executing]

  19. Bypassing the Proxy (secured) [Figure: request for http://USAcreditcard.com; labelled step: Executing]

  20. The Types of Detected Contents • Script (cgi, asp, PHP) • Queries ("?", search engines) • SSI (Server Side Includes) • Secure ports HTTP requests (443, 563) • HTTPS requests • Method and Auth

  21. Detector's Software Structure • A user daemon with detecting function is attached to an unmodified browser. • Parses each request to search for specific symbols in the URL/header (StringSearch). • Uses ConnectionRedirect to bypass the proxy. • Implemented with Mozilla 0.9.7.

  22. Detector Overhead Measurements • Browser detecting time for each request. • The measured time is 5 to 6 microseconds. • Insignificant to a client.

  23. Effectiveness of Detective Browser. Proxy trace analysis of NLANR (2/25/02 to 3/4/02) • pb.us.ircache.net (east coast): 11-23% of queries, SSI, and scripts. • bo.us.ircache.net (Rocky mountain area): 15-98% of queries, SSI, and scripts. • sj.us.ircache.net (San Jose area): 10-24% of queries, SSI, and scripts. • Secured transactions are not recorded because the proxy stopped accepting them since 1998.

  24. What are Not Able to Detect. Servers determine the dynamic nature of the following rare requests: • Pragma • cache-control • Response-status • Push-content • Vary

  25. Conclusion • Quantify unnecessary proxy overheads and security concerns for dynamic and secured transactions. • Overhead and security concerns are rooted in the proxy structure itself. • Detective browser detects commonly used dynamic and secured transactions, and bypasses the proxy, with little overhead.
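
The detection rules of slides 17, 20 and 21, sketched as an added example (this is not the authors' Mozilla code): each request is classified from its URL, method and headers, and the result is a PAC-style "DIRECT" or proxy string plus the rule that fired, so bypass decisions can be logged. Assumptions not taken from the slides: the proxy address, `.shtml` as the SSI marker, matching a `cgi-bin` path segment, GET/HEAD as the routine methods, and the `Authorization` header or URL userinfo as the "Auth" signal.

```javascript
const PROXY = "PROXY proxy.example.internal:3128"; // hypothetical proxy address
const SECURE_PORTS = new Set(["443", "563"]);       // secure ports listed on slide 20
const SCRIPT_SEGMENT = /\.(cgi|asp|php)$/i;         // script types listed on slide 20
const SSI_SEGMENT = /\.shtml$/i;                    // assumption: SSI pages end in .shtml
const ROUTINE_METHODS = new Set(["GET", "HEAD"]);   // assumption for the "Method" rule

// Returns the name of the first rule that matches, or null for a routine request.
function detect(rawUrl, method = "GET", headers = {}) {
  let u;
  try {
    u = new URL(rawUrl);
  } catch {
    return null; // unparsable input is left to the normal proxy path
  }
  if (u.protocol === "https:") return "https";
  if (SECURE_PORTS.has(u.port)) return "secure-port";
  if (!ROUTINE_METHODS.has(method.toUpperCase())) return "method";
  const names = Object.keys(headers).map((h) => h.toLowerCase());
  if (u.username !== "" || names.includes("authorization")) return "auth";
  if (u.search !== "") return "query";
  // Check every path segment so /app.php/extra and /cgi-bin/a both match.
  const segments = u.pathname.split("/").filter(Boolean);
  if (segments.some((s) => s.toLowerCase() === "cgi-bin" || SCRIPT_SEGMENT.test(s))) {
    return "script";
  }
  if (segments.some((s) => SSI_SEGMENT.test(s))) return "ssi";
  return null;
}

// PAC-style decision: "DIRECT" bypasses the proxy, otherwise the proxy is used.
// The matching rule is returned as well so every bypass can be audited.
function route(rawUrl, method, headers) {
  const reason = detect(rawUrl, method, headers);
  return { via: reason ? "DIRECT" : PROXY, reason };
}

// Constructed sample requests (not taken from the NLANR traces).
const samples = [
  ["http://www.example/cgi-bin/a"],
  ["https://shop.example/checkout"],
  ["http://news.example:563/feed"],
  ["http://search.example/find?q=cache"],
  ["http://www.example/index.shtml"],
  ["http://www.example/form", "POST"],
  ["http://www.example/images/logo.gif"],
];
for (const [url, method] of samples) {
  console.log(url, JSON.stringify(route(url, method)));
}
```

Header-driven cases such as those on slide 24 (Pragma, cache-control, Vary) are decided by the server's response, so a request-side check like this one cannot see them.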
