ACIDRain: Concurrency-Related Attacks on Database-Backed Web Applications

Transcript

  1. 2 Explore Real World Transaction Usage
     • Do programmers use transactions correctly?
     • This paper: 22 new critical vulnerabilities due to incorrect transaction usage – corrupt store inventory, overspend gift cards, steal items
     • 50% of eCommerce sites (2M+) at risk

  7. 14 “By sending thousands of simultaneous requests, the attacker was able to ‘move’ coins from one user account to another until the sending account was overdrawn, before balances were updated.”

  8. 15 What's Happening?
     • Race condition – the application exhibits behavior under concurrent execution that is not possible under serial execution
     • Can we exploit these behaviors?
     • Yes! We call this exploitation of non-serializable API behavior an ACIDRain attack

  9. 16 Overview
     • Problem setup
     • New method for detecting latent potential for non-serializable behavior
     • Evaluation – analysis of 12 eCommerce platforms

  10. 17 Problem Setup: Attacking Websites
     [Figure, slides 17-23: http POST and http GET requests reach the Application Server, which issues SELECT ... / UPDATE ... / SELECT ... against the Database; later builds add a second Application Server. Slide 23 names the two levels at which serializability can be asked for: Serializability of API Requests, at the application server, and Serializability of Database Transactions, at the database.]

  17. 24 Non-Transactional Implementation
     def checkVoucher(code):
         usage = readUsage(code)
         if usage == 0:
             markUsed(code)

     The two helpers issue two separate statements, with no transaction around them:
         SELECT usage FROM voucher WHERE code = HNUHY
         UPDATE voucher SET usage = 1 WHERE code = HNUHY

     [Figure, slides 25-36: Alice Checkout and Bob Checkout on the Application Server against the same voucher row in the Database. Serial case: Alice SELECT → 0, Alice UPDATE, Bob SELECT → 1, so Bob's check fails. Concurrent case: Alice SELECT → 0, Bob SELECT → 0, Alice UPDATE, Bob UPDATE; usage ends at 1, but both checkouts passed the check and redeemed the voucher.]

  30. 37 Transactional Implementation
     def checkVoucher(code):
         beginTxn()
         usage = readUsage(code)
         if usage == 0:
             markUsed(code)
         commit()

     Statements issued:
         BEGIN TRANSACTION
         SELECT usage FROM voucher WHERE code = HNUHY
         UPDATE voucher SET usage = 1 WHERE code = HNUHY
         COMMIT

     [Figure, slides 38-48: Alice Checkout and Bob Checkout each run BEGIN, SELECT → 0, UPDATE, COMMIT, with the two transactions interleaved so that both SELECTs precede both UPDATEs; usage ends at 1.] Will one of the transactions fail? It depends.

  42. 49 Many Databases Allow This Anomaly
     [Table: Database / Default Isolation / Maximum Isolation, each cell marked either "prevents anomaly" or "exhibits anomaly"; the marks are not preserved in this transcript. Databases listed: Actian Ingres 10.0/10S, Aerospike, Akiban Persistit, Clustrix CLX 4100, Greenplum 4.1, IBM DB2 10 for z/OS, MySQL 5.6, MemSQL 1b, MS SQL Server 2012, NuoDB, Oracle 11g, Oracle Berkeley DB, Oracle Berkeley DB JE, Postgres 9.2.2, SAP HANA, ScaleDB 1.02, VoltDB.]

  43. 50 Two Sources of Vulnerabilities
     • Databases providing weak isolation may exhibit non-serializable behavior, even for the transactional version:
         def checkVoucher(code):
             beginTxn()
             usage = readUsage(code)
             if usage == 0:
                 markUsed(code)
             commit()
     • Programmers may code transactions incorrectly, as in the non-transactional version:
         def checkVoucher(code):
             usage = readUsage(code)
             if usage == 0:
                 markUsed(code)

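The voucher race from slides 24-36 reproduced against SQLite, next to a hardened form, as an added example (my code, not the slides' or the ACIDRain repository's): each caller gets its own autocommit connection, the two checkouts are interleaved by hand rather than with threads so the schedule is exactly the one on the slides, and the fix shown, folding the check into the UPDATE's WHERE clause and testing rowcount, is my choice of mitigation, not one the deck proposes.

```python
import os
import sqlite3
import tempfile

VOUCHER = "HNUHY"  # the voucher code used on the slides

def fresh_db():
    """Create a one-row voucher table (constructed sample data) in a temp file; return its path."""
    path = os.path.join(tempfile.mkdtemp(), "shop.db")
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE voucher (code TEXT PRIMARY KEY, usage INTEGER NOT NULL)")
    conn.execute("INSERT INTO voucher VALUES (?, 0)", (VOUCHER,))
    conn.commit()
    conn.close()
    return path

def connect(path):
    # isolation_level=None is autocommit: every statement is its own transaction,
    # which is what the slides' non-transactional implementation gives the database.
    return sqlite3.connect(path, isolation_level=None)

def read_usage(conn, code):
    # fetchall() runs the SELECT to completion so its shared lock is released.
    return conn.execute("SELECT usage FROM voucher WHERE code = ?", (code,)).fetchall()[0][0]

def mark_used_if_unused(conn, code, usage_seen):
    """Second half of the slides' checkVoucher: act on the value read a moment ago."""
    if usage_seen == 0:
        conn.execute("UPDATE voucher SET usage = 1 WHERE code = ?", (code,))
        return True
    return False

def check_voucher_atomic(conn, code):
    """Hardened form: check and write are one conditional UPDATE, so no stale read can
    sit between them; rowcount tells the caller whether it got the voucher."""
    cur = conn.execute("UPDATE voucher SET usage = 1 WHERE code = ? AND usage = 0", (code,))
    return cur.rowcount == 1

def serial_check_then_act(path):
    """Slides 25-30: Alice's whole checkout runs before Bob's. Returns (alice, bob, usage)."""
    alice, bob = connect(path), connect(path)
    a_won = mark_used_if_unused(alice, VOUCHER, read_usage(alice, VOUCHER))  # SELECT -> 0, UPDATE
    b_won = mark_used_if_unused(bob, VOUCHER, read_usage(bob, VOUCHER))      # SELECT -> 1, no UPDATE
    return a_won, b_won, read_usage(alice, VOUCHER)

def concurrent_check_then_act(path):
    """Slides 31-36: both SELECTs run before either UPDATE. Returns (alice, bob, usage)."""
    alice, bob = connect(path), connect(path)
    a_seen = read_usage(alice, VOUCHER)                   # Alice: SELECT -> 0
    b_seen = read_usage(bob, VOUCHER)                     # Bob:   SELECT -> 0, already stale
    a_won = mark_used_if_unused(alice, VOUCHER, a_seen)   # Alice: UPDATE
    b_won = mark_used_if_unused(bob, VOUCHER, b_seen)     # Bob:   UPDATE, voucher redeemed twice
    return a_won, b_won, read_usage(alice, VOUCHER)

def concurrent_atomic(path):
    """The same two callers against the hardened version: exactly one wins."""
    alice, bob = connect(path), connect(path)
    a_won = check_voucher_atomic(alice, VOUCHER)
    b_won = check_voucher_atomic(bob, VOUCHER)
    return a_won, b_won, read_usage(alice, VOUCHER)
```

The conditional UPDATE is evaluated against the current row under the engine's write lock in SQLite, PostgreSQL and MySQL/InnoDB, so unlike the BEGIN/SELECT/UPDATE/COMMIT version it does not depend on the default isolation level the deck examines on slide 49.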
  45. 52 Analysis Challenges
     • Want to analyze web applications written in multiple languages and frameworks
     • Anomalies only occur under concurrent execution, but website activity is often serial

  46. 53 Approach: Abstract Anomaly Detection (2AD)
     1. Collect (possibly serial) logs from the database
     2. Build a compact representation of the history (abstract history graph)
     3. Search the abstract history for cycles to generate possible anomalous API calls

  48. 61 Abstract History Graph
     Input: the transactional checkVoucher (beginTxn(); usage = readUsage(code); if usage == 0: markUsed(code); commit()) and the logged statements of two invocations of it:
         BEGIN TRANSACTION
         SELECT usage FROM voucher WHERE code = HNUHY
         UPDATE voucher SET usage = 1 WHERE code = HNUHY
         COMMIT
         BEGIN TRANSACTION
         SELECT usage FROM voucher WHERE code = HNUHY
         UPDATE voucher SET usage = 1 WHERE code = HNUHY
         COMMIT
     Each statement is abstracted to an operation on a table: r(voucher), w(voucher), r(voucher), w(voucher). Construction (slides 63-70; legend: Operation, Transaction, API Call, Conflict):
     1. Add a node for each operation
     2. Add a supernode for each transaction
     3. Add a super-supernode for each API call
     4. Add an edge for each conflict
     5. Search for cycles in the graph

  58. 71 Completeness Guarantees
     • Completeness: if there is a potential anomalous execution, this approach will find it
     • Soundness: discussion in paper
     Thm: Given a set of API calls, there exists an anomalous execution of the API calls if and only if there is a cycle in the abstract history.

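Building an abstract history from a statement log and searching it for a cycle, covering the construction on slides 61-70 and the theorem above, as an added example (my own code, not the 2AD tool from the paper or the repository linked at the end): statements are abstracted to r(table)/w(table) at table granularity as on the slides, BEGIN/COMMIT delimit transactions and any statement outside them is its own autocommit transaction, and the cycle test used here, that a program-order edge between two transactions of one API call lies on a cycle, is my reading of the theorem for a database that itself serializes transactions; under the weaker default isolation levels of slide 49 the transaction boundary gives no such protection.

```python
import re
from collections import defaultdict

# Constructed sample logs: the slides' checkVoucher statements, without and with BEGIN/COMMIT.
NON_TXN_LOG = ["SELECT usage FROM voucher WHERE code = 'HNUHY'",
               "UPDATE voucher SET usage = 1 WHERE code = 'HNUHY'"]
TXN_LOG = ["BEGIN TRANSACTION"] + NON_TXN_LOG + ["COMMIT"]
READ_RE = re.compile(r"^\s*SELECT\b.*?\bFROM\s+(\w+)", re.I)
WRITE_RE = re.compile(r"^\s*(?:UPDATE|INSERT\s+INTO|DELETE\s+FROM)\s+(\w+)", re.I)

def to_op(sql):
    """Abstract one statement to ('r'|'w', table), table granularity as on the slides."""
    if m := WRITE_RE.match(sql):
        return ("w", m.group(1).lower())
    return ("r", m.group(1).lower()) if (m := READ_RE.match(sql)) else None  # BEGIN/COMMIT -> None

def split_transactions(log):
    """BEGIN..COMMIT blocks are one transaction each; a statement outside any block is its own."""
    txns, current = [], None
    for sql in log:
        head = (sql.split() or [""])[0].upper()
        if head == "BEGIN":
            current = []
        elif head == "COMMIT":
            txns.append(current)
            current = None
        elif (op := to_op(sql)) is not None:
            if current is None:
                txns.append([op])  # autocommit: the statement is its own transaction
            else:
                current.append(op)
    return txns

def conflicts(t1, t2):
    """Abstract conflict: both touch the same table and at least one writes it."""
    return any(a[1] == b[1] and "w" in (a[0], b[0]) for a in t1 for b in t2)

def find_anomalies(api_calls):
    """api_calls: {name: statement log}. Each call is instantiated twice (Alice and Bob may hit
    the same endpoint). Nodes are transactions; edges join consecutive transactions of one
    instance (program order) and conflicting transactions of different instances. A call is
    reported when one of its program-order edges lies on a cycle: some interleaving then splits
    the call around other calls' transactions, which is the API-level non-serializable case."""
    nodes = {(name, inst, i): txn for name, log in api_calls.items()
             for inst in (0, 1) for i, txn in enumerate(split_transactions(log))}
    edges, program = defaultdict(set), []
    for (name, inst, i), txn in nodes.items():
        here, nxt = (name, inst, i), (name, inst, i + 1)
        if nxt in nodes:
            program.append((here, nxt))
            edges[here].add(nxt)
            edges[nxt].add(here)
        for other, otxn in nodes.items():
            if other[:2] != (name, inst) and conflicts(txn, otxn):
                edges[here].add(other)
    def on_cycle(u, v):  # is there a path from v back to u that avoids the edge (v, u) itself?
        seen, stack = {v}, [v]
        while stack:
            x = stack.pop()
            nbrs = edges[x] - ({u} if x == v else set())
            if u in nbrs:
                return True
            stack.extend(nbrs - seen)
            seen |= nbrs
        return False
    return sorted({u[0] for u, v in program if on_cycle(u, v)})
```

Because conflicts are tracked per table rather than per row, the search over-approximates (two INSERTs into the same table count as a conflict), which matches the deck's framing of completeness first and soundness as a separate discussion.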
  59. 72 Limitations
     • Does not take into account user-level (i.e., "feral" [Bailis et al. 2015]) concurrency control. The transactional checkVoucher is analysed as the database sees it:
         def checkVoucher(code):
             beginTxn()
             usage = readUsage(code)
             if usage == 0:
                 markUsed(code)
             commit()
       but the analysis does not see an application-level lock around the same statements:
         def checkVoucher(code):
             appLock.lock()
             usage = readUsage(code)
             if usage == 0:
                 markUsed(code)
             appLock.release()

  62. 83 Cart Invariant
     Total charged for an order should be equal to the value of the items associated with the order

  65. 86 Analysis Results
     Application     Language          Inventory  Voucher  Cart
     Opencart        PHP               ✗          ✗        ✔
     Prestashop      PHP               ✗          ✗        ✔
     Magento         PHP               ✗          ✗        ✔
     WooCommerce     PHP               ✗          ✗        ✔
     Spree           Ruby on Rails     ✔          ✔        ✔
     Ror_ecommerce   Ruby on Rails     ✗          N/A      ✗
     Shoppe          Ruby on Rails     ✗          N/A      ✗
     Oscar           Python (Django)   ✗          ✗        ✔
     LFS             Python (Django)   ✗          ✗        ✗
     Saleor          Python (Django)   ✗          ✗        N/A
     Broadleaf       Java (Spring)     N/A        ✗        ✗
     Shopizer        Java (Spring)     N/A        N/A      ✗
     ✗ = vulnerable, ✔ = not vulnerable
     • 22 new vulnerabilities!
     • 2M+ sites at risk
     • 4 different languages
     • 5 errors due to DB default isolation
     • 17 errors due to improper transaction usage

  72. 101 Related Work
     • [Bailis et al. 2015] Study user-level (feral) invariants in Ruby on Rails applications
     • [Jorwekar et al. 2007] Provide analysis methods for detecting potential anomalies in transaction programs for Snapshot Isolation
     • [Fekete et al. 2009] Quantify Read Committed and Snapshot Isolation anomalies
     • Our focus is on any non-serializable behavior in API-based web applications as observed in practice

  73. 102 Conclusions
     • Many popular eCommerce applications do not use transactions correctly
     • 2AD: a new, cross-language analysis tool to check for potential anomalies
     • Using 2AD, we find 22 new vulnerabilities due to incorrect transaction usage affecting up to 2M+ eCommerce sites
     Thanks! https://github.com/stanford-futuredata/acidrain