Hi-sap: Secure and Scalable Web Server System for Shared Hosting Services

  • Daisuke Hara
  • Ryohei Fukuda
  • Kazuki Hyoudou
  • Ryota Ozaki
  • Yasuichi Nakayama
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 66)


We propose Hi-sap, a Web server system that solves internal security problems in a server used for shared hosting services and that achieves high site-number scalability with little performance degradation. Customers are often exposed to internal attacks, i.e., malicious customers illegally access other customers’ files. Existing approaches solve a portion of this problem, but they are not enough from the view point of performance, site-number scalability, or generality. The proposed system protects customers’ files by isolating them in separate security domains, “partitions” that are unit of protection, using a secure OS facility. A default partition is a Web site, and each partition has a Web server instance that runs under the privilege of an individual user and serves files in the partition. Since the Web servers reuse server processes and can run without the burden of a security mechanism themselves, there is little performance degradation. In addition, since Hi-sap dynamically controls the number of Web servers, the number of partitions in a server is scalable. We implemented Hi-sap on a Linux OS and evaluated its effectiveness. Experimental results show that Hi-sap has up to 14.3 times the performance of suEXEC and achieves high scalability of 1000 sites per server.


Security in a Server Shared Hosting Service Web Server Architecture Site-number Scalability 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
    Goodwin, S., Vidgen, R.: Content, content, everywhere...time to stop and think? The process of Web content management. IEE Computing & Control Engineering Journal 13(2), 66–70 (2002)CrossRefGoogle Scholar
  3. 3.
    Apache HTTP Server,
  4. 4.
    Neulinger, N.: CGIWrap: User CGI Access,
  5. 5.
    Marsching, S.: suPHP,
  6. 6.
    Grunbacher, A.: POSIX Access Control Lists on Linux. In: Proc. FREENIX Track: 2003 USENIX Annual Technical Conference, pp. 259–272 (2003)Google Scholar
  7. 7.
    PHP: Hypertext Preprocessor,
  8. 8.
  9. 9.
  10. 10.
  11. 11.
    Hara, D., Ozaki, R., Hyoudou, K., Nakayama, Y.: Harache: A WWW Server Running with the Authority of the File Owner. J. IPS Japan 46(12), 3127–3137 (2005) (in Japanese)Google Scholar
  12. 12.
    Hara, D., Nakayama, Y.: Secure and High-performance Web Server System for Shared Hosting Service. In: Proc. the 12th International Conference on Parallel and Distributed Systems (ICPADS 2006), pp. 161–168 (2006)Google Scholar
  13. 13.
    Loscocco, P., Smalley, S.: Integrating Flexible Support for Security Policies into the Linux Operating System. In: Proc. FREENIX Track: 2001 USENIX Annual Technical Conference, pp. 29–40 (2001)Google Scholar
  14. 14.
    Classman, S.: A Caching Relay for the World Wide Web. In: Proc. the 1st International World-Wide Web Conference, pp. 69–76 (1994)Google Scholar
  15. 15.
    Kamp, P., Watson, R.: Jails: Confining the omnipotent root. In: Proc. the 2nd International System Administration and Networking Conference (2000)Google Scholar
  16. 16.
    Dike, J.: A user-mode port of the linux kernel. In: Proc. the USENIX Annual Linux Showcase and Conference (2000)Google Scholar
  17. 17.
  18. 18.
    Linux containers,
  19. 19.
    Suranyi, P., Abe, H., Hirotsu, T., Shinjo, Y., Kato, K.: General Virtual Hosting via Lightweight User-level Virtualization. In: Proc. the 2005 International Symposium on Applications and the Internet (SAINT 2005), pp. 229–236 (2005)Google Scholar
  20. 20.
    Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the Art of Virtualization. In: Proc. the 19th ACM Symposium on Operating Systems Principles (SOSP 2003), pp. 164–177 (2003)Google Scholar
  21. 21.
    Waldspurger, C.A.: Memory Resource Management in VMware ESX Server. In: Proc. the 5th Symposium on Operating Systems Design and Implementation (OSDI 2002), pp. 181–194 (2002)Google Scholar
  22. 22.
    Vrable, M., Ma, J., Chen, J., Moore, D., Vandekieft, E., Snoeren, A., Voelker, G., Savage, S.: Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm. In: Proc. the 20th ACM Symposium on Operating Systems Principles (SOSP 2005), pp. 148–162 (2005)Google Scholar
  23. 23.
    Gupta, D., Lee, S., Vrable, M., Savage, S., Snoeren, A.C., Vahdat, A., Varghese, G., Voelker, G.M.: Difference engine: Harnessing memory redundancy in virtual machines. In: Proc. the 8th Symposium on Operating Systems Design and Implementation (OSDI 2008), pp. 309–322 (2008)Google Scholar
  24. 24.
    Milos, G., Murray, D.G., Hand, S., Fetterman, M.A.: Satori: Enlightened page sharing. In: Proc. the 2009 USENIX Annual Technical Conference (USENIX 2009), pp. 1–14 (2009)Google Scholar
  25. 25.
    Whitaker, A., Shaw, M., Gribble, S.: Denali: Lightweight Virtual Machines for Distributed and Networked Applications, University of Washington Technical Report, 02-02-01Google Scholar
  26. 26.
    McLean, J.: The algebra of security. In: Proc. 1988 IEEE Symposium on Security and Privacy, pp. 2–7 (1988)Google Scholar
  27. 27.
    Saltzer, J.H., Schroeder, M.D.: The protection of information in computer systems. Proc. the IEEE 63(9), 1278–1308 (1975)CrossRefGoogle Scholar
  28. 28.
    Mosberger, D., Jin, T.: httperf—A Tool for Measuring Web Server Performance. In: Proc. the 1st Workshop on Internet Server Performance, pp. 59–67 (1998)Google Scholar

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2012

Authors and Affiliations

  • Daisuke Hara
    • 1
  • Ryohei Fukuda
    • 1
  • Kazuki Hyoudou
    • 1
  • Ryota Ozaki
    • 1
  • Yasuichi Nakayama
    • 1
  1. 1.Department of Computer ScienceThe University of Electro-CommunicationsChofuJapan

Personalised recommendations