Git Product home page Git Product logo

rampart's Introduction

Rampart

Rampart is a system for protecting the back end of web applications from CPU-exhaustion Denial-of-Service (DoS) attacks. It leverages context-aware function-level program profiling and statistical execution models to help defend against such attacks. Rampart is very lightweight and introduces a modest runtime overhead.

It has been implemented for PHP applications as an extension to the PHP Zend engine. The implementation is based on the Tideways PHP Profiler Extension version 4.1.3.

You can find more information about Rampart in our USENIX Security 2018 research paper. The BibTeX format file is provided with the source code.

Requirements

  • PHP 5.6 or 7.0
  • php-dev, libsqlite3-dev packages
  • numpy, sqlite3 for Python
  • Tested with Linux amd64 architecture

Installation

Build rampart from source:

phpize
./configure
make
sudo make install

Create necessary directories for rampart:

sudo mkdir -p /var/log/rampart/logs
sudo mkdir -p /var/log/rampart/db
sudo chown www-data:www-data /var/log/rampart/logs
sudo chown www-data:www-data /var/log/rampart/db

You can modify the source code to use other locations. Please ensure that your web server has the write permission to access the directories.

Afterwards you need to enable the extension in your php.ini (e.g., /etc/php/7.0/apache2/php.ini) and then restart Apache:

extension=rampart.so

Run

Start the Python script for managing profiling data and filter rules.

python stat_db_mgr.py

Rampart can then enforce the defense after receiving at least five legitimate requests per PHP script as a training step. You are recommended to use test inputs with a high code coverage for a better protection.

Parameters

There are many parameters that control how Rampart works. They can be modified in the rampart_setting.h file. In particular, Rampart terminates PHP instances serving suspicious requests only when the system average CPU usage is greater than CPU_USAGE_UPPER_THRESHOLD, which is set to 50% by default. Please read the paper for more details.

Copyright Information

Copyright © 2018 The Chinese University of Hong Kong

License

Rampart is licensed under the Apache License, Version 2.0. You can find a copy in the "LICENSE" file.

See the "NOTICE" file for information on the attribution notices.

Creator

Wei Meng [email protected]

rampart's People

Watchers

James Cloos avatar avatar

Forkers

peng-hui

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.