Posted on 2002-05-01, 00:00; authored by Bryan Parno, Jonathan M. McCune, Dan Wendlandt, David G. Andersen, Adrian Perrig

Providing online access to sensitive data makes web
servers lucrative targets for attackers. A compromise of any
of the web server’s scripts, applications, or operating system
can leak the sensitive data of millions of customers.
Unfortunately, many systems for stopping data leaks require
considerable effort from application developers, hindering
their adoption.

In this work, we investigate how such leaks can be prevented
with minimal developer effort. We propose CLAMP,
an architecture for preventing data leaks even in the
presence of web server compromises or SQL injection
attacks. CLAMP protects sensitive data by enforcing strong
access control on user data and by isolating code running
on behalf of different users. By focusing on minimizing
developer effort, we arrive at an architecture that allows
developers to use familiar operating systems, servers, and
scripting languages, while making relatively few changes to
application code – less than 50 lines in our applications.