The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web

Cheng Tan, Lingfan Yu, Joshua B. Leners, and Michael Walfish
The 26th ACM Symposium on Operating Systems Principles (SOSP) October 28-31, 2017, Shanghai, China

• Best paper award.
• paper, extended version, slides, code

You put a program on a concurrent server, but you don't trust the server; later, you get a trace of the actual requests that the server received from its clients and the responses that it delivered. You separately get logs from the server; these are untrusted. How can you use the logs to efficiently verify that the responses were derived from running the program on the requests? This is the Efficient Server Audit Problem, which abstracts real-world scenarios, including running a web application on an untrusted provider. We give a solution based on several new techniques, including simultaneous replay and efficient verification of concurrent executions. We implement the solution for PHP web applications. For several applications, our verifier achieves 5.6--10.9x speedup versus simply re-executing, with <10% overhead for the server.

Bibtex Entry:

@inproceedings{tan2017efficient,
  author =      "Tan, Cheng and Yu, Lingfan and Leners, Joshua B and Walfish, Michael",
  title  =      {The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web},
  booktitle =   {Proceedings of the 26th Symposium on Operating Systems Principles},
  year =        {2017},
  month =       {October},
  organization= {ACM}
}