Penev, D. and Trinder, P. (2020) Comparing Reliability Mechanisms for Secure Web Servers: Actors, Exceptions and Futures. In: 16th International Conference on Web Information Systems and Technologies (WEBIST 2020), 3-5 Nov 2020, pp. 51-58. ISBN 9789897584787 (doi: 10.5220/0010017200510058)
Text: 222315.pdf - Accepted Version (203kB). Restricted to Repository staff only.
Abstract
Modern web applications must be secure, and use authentication and authorisation for verifying the identity and the permissions of users. Programming language reliability mechanisms commonly implement web application security and include exceptions, actors and futures. This paper compares the performance and programmability of these three reliability mechanisms for secure web applications on the popular Scala/Akka platform. Key performance metrics are throughput and latency for workloads comprising successful, unsuccessful and mixed requests across increasing levels of concurrent connections. We find that all reliability mechanisms fail fast: unsuccessful requests have low mean latency (1-2ms) but dramatically reduce throughput: by more than 100x. For a realistic authentication workload, exceptions have the highest throughput (187K req/s) and the lowest mean latency (around 5ms), followed by futures. Our programmability study focuses on the available attack surface measured as code blocks in the web application implementation. For authentication and authorisation, actors have the smallest number of code blocks for both our benchmark (3) and a sequence of n security checks (n + 1). Both futures and exceptions have 4 (2n) code blocks. We conclude that Actors minimise programming complexity and hence attack surface.
Item Type: | Conference Proceedings |
---|---|
Status: | Published |
Refereed: | Yes |
Glasgow Author(s) Enlighten ID: | Penev, Mr Danail and Trinder, Professor Phil |
Authors: | Penev, D., and Trinder, P. |
College/School: | College of Science and Engineering > School of Computing Science |
ISBN: | 9789897584787 |
First Published: | First published in Proceedings of the 16th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, 51-58, 2020 |