Orochi is a (research) system that solves The Efficient Server Audit Problem for PHP web applications. This paper defines the problem and gives context.
The following steps build Orochi's components and deploy them on your machine. The commands have been tested on Ubuntu 14.04, so we recommend using a newly installed Ubuntu 14.04. A fresh Linux environment can be created using a Linux container (please see Step 0).
Of course, one can install Orochi on other Linux distributions and/or an existing environment. However, there might be dependency and configuration problems. To address those issues, see the detailed installation process in detailed instructions.
Below we step through the process for installing Orochi in a Linux container. For installing Orochi on an existing environment, skip Step 0 and start from Step 1.
Install Linux container:
$ sudo apt install lxc
Create one container with Ubuntu14.04 template:
$ sudo lxc-create -t download -n orochi -- -d ubuntu -r trusty -a amd64
Run and attach to the created container:
$ sudo lxc-start -n orochi
$ sudo lxc-attach -n orochi
(If you got here from Step 0, the next steps should be performed inside the Linux container.)
Fetch Orochi's code:
$ git clone https://github.com/naizhengtan/orochi.git
Set environment variable:
$ export ORO_HOME="OROCHI/REPO/"
# "OROCHI/REPO/" should be replaced with Orochi's root folder
Go to folder "install" and build:
$ cd $ORO_HOME/install/
$ ./1_prepare.sh
$ ./2_build_verification.sh
$ ./3_build_online.sh
$ ./4_deploy_config.sh
If the above scripts encounter errors during installation, they will print error messages with pointers to our detailed instructions, which should help address the problems.
There are two phases in Orochi:
- online phase: an online server collects a trace (including HTTP requests/responses and reports)
- audit phase: a verifier re-executes the requests in a given trace and compares the responses
The previous install step has installed both the online server and verifier. In the following steps, Run the verifier goes through running the audit phase on a given trace, and Run the online server talks about the online phase.
In this section, one will run the verifier on a given trace. We have provided the traces we've evaluated in our paper. One can reproduce our results by downloading these traces and re-executing Orochi's audit phase against them.
First, download the traces from our server.
$ cd $ORO_HOME/benchmark/
$ ./download.sh
Second, copy the trace data to the location where the verifier expects it.
$ ./deploy.sh <app>
# <app> should be one of hotcrp/wiki/phpbb
Third, run Orochi's audit phase.
$ cd $ORO_HOME/verification
$ ./verify2.sh <app>
# <app> should be the same app as the second step
Now, the verifier outputs whether it accepts or rejects the trace (accept means the re-generated responses are the same as what is in the trace). It also outputs the CPU time spent on different components.
First, start the online server.
$ cd $ORO_HOME/online_server/
$ ./start_online_server.sh
Second, run a workload generator.
$ cd $ORO_HOME/workload_generator/<app>
# <app> should be one of hotcrp/wiki/phpbb
$ ./local_workload_gen.sh
The three apps we have experimented with (MediaWiki, phpBB and HotCRP) are located under $ORO_HOME/apps/. For more app details, please see Application configurations in the detailed instructions.
One can customize the workload generator for new workloads. To do so, please refer to Generate workloads in the detailed instructions.
Third, collect trace data for a following audit phase.
$ cd $ORO_HOME/benchmark/
$ ./collect.sh <trace-name>
Now, the trace has been collected into "trace-name". One can start a verifier to audit this captured trace: see Run verifier.
Please see Guidelines for porting new PHP app to Orochi in the detailed instructions.
License information can be found in the COPYING file.