Title :
Access Control Architecture Separating Privilege by a Thread on a Web Server
Author :
Matsumoto, Ryosuke ; Okabe, Yasuo
Author_Institution :
Grad. Sch. of Inf., Kyoto Univ., Kyoto, Japan
Abstract :
In Web hosting services, hosting systems use access controls like suEXEC on apache Web servers to separate privilege by each virtual host. However, existing access control architectures on Web servers have a problem in their low performance and are not appropriate for dynamic contents like Web API since these architectures require termination of the process after each HTTP session. System developers are not easy to install existing access controls since these are provided by each interpreter and program execution methods conventionally. In this paper, we propose the access control architecture gmod_process_securityh. In this architecture a server process creates a new thread on the server process when accepting a request. Then, the web server separates privilege by the thread and processes the contents on the thread. The server process installed gmod_process_securityh executes programs faster. System developers can easily install it on web servers since we replace it with the complicated existing access controls. gmod_process_securityh can be installed for Apache HTTP Server on Linux as Apache Module which is widely used.
Keywords :
Web services; application program interfaces; authorisation; Apache HTTP server; Apache module; HTTP session; Linux; Web API; Web hosting services; Web server; access control architecture; gmod_process_securityh; program execution methods; suEXEC; Access control; Degradation; Instruction sets; Process control; Service oriented architecture; Web servers; Access Control; Runtime Privilege; Security in a Server; Web Server;
Conference_Titel :
Applications and the Internet (SAINT), 2012 IEEE/IPSJ 12th International Symposium on
Conference_Location :
Izmir
Print_ISBN :
978-1-4673-2001-6
Electronic_ISBN :
978-0-7695-4737-4
DOI :
10.1109/SAINT.2012.33
