Comparing Reliability Mechanisms for Secure Web Servers: Actors, Exceptions and Futures

Penev, D. and Trinder, P. (2020) Comparing Reliability Mechanisms for Secure Web Servers: Actors, Exceptions and Futures. In: 16th International Conference on Web Information Systems and Technologies (WEBIST 2020), 3-5 Nov 2020, pp. 51-58. ISBN 9789897584787 (doi:10.5220/0010017200510058)

222315.pdf - Accepted Version
Restricted to Repository staff only

203kB

Abstract

Modern web applications must be secure, and use authentication and authorisation for verifying the identity and the permissions of users. Programming language reliability mechanisms commonly implement web application security and include exceptions, actors and futures. This paper compares the performance and programmability of these three reliability mechanisms for secure web applications on the popular Scala/Akka platform. Key performance metrics are throughput and latency for workloads comprising successful, unsuccessful and mixed requests across increasing levels of concurrent connections. We find that all reliability mechanisms fail fast: unsuccessful requests have low mean latency (1-2ms) but dramatically reduce throughput: by more than 100x. For a realistic authentication workload, exceptions have the highest throughput (187K req/s) and the lowest mean latency (around 5ms), followed by futures. Our programmability study focuses on the available attack surface measured as code blocks in the web application implementation. For authentication and authorisation, actors have the smallest number of code blocks for both our benchmark (3) and a sequence of n security checks (n + 1). Both futures and exceptions have 4 (2n) code blocks. We conclude that Actors minimise programming complexity and hence attack surface.

Item Type: Conference Proceedings
Status: Published
Refereed: Yes
Glasgow Author(s) Enlighten ID: Penev, Mr Danail and Trinder, Professor Phil
Authors: Penev, D., and Trinder, P.
College/School: College of Science and Engineering > School of Computing Science
ISBN: 9789897584787
First Published: First published in Proceedings of the 16th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, 51-58, 2020