Tuesday, October 6, 2009
Ripley: Automatically Securing Web 2.0 Applications Through Replicated Execution
K.Vikram, Abhishek Prateek, and Ben Livshits. Presented by Joel Weinberger. The paper presents a system, Ripley, which allows for the automatic replicated execution of a client-side program. In modern web applications and AJAX frameworks, more and more computation is pushed to the client in order to reduce the amount of communication between the client and server. However, as computation is pushed to the client, malicious users can abuse this to violate the integrity of data on the server. Ripley automatically extracts client computation so it can be replicated on the server and verified.