Conventional commercial electronic entities are prone to being attacked by malicious entities. Software and/or hardware components of these malicious entities may be configured to exploit vulnerabilities and/or surreptitiously achieve access to client sensitive information. For these reasons, modern computing software and/or hardware providers engage in continuous and reactive security technique development. One general security approach implements an application splitting concept, which involves partitioning an application code base into two or more components in which at least two components have different privilege levels. One goal of this approach is to restrict vulnerabilities to code within non-privileged components to protect the entire application code base while limiting a total size of security-critical or privileged components.
The code partitioning approach requires many steps, including manual steps, starting with partitioning the application code base by having developers annotate code segments and identify privileged data (e.g., code). Then, the developers use automated code-refactoring tools to rewrite the annotated application code base into the privileged and the non-privileged components that, when compiled as a whole, build functionally equivalent, secured versions of the application. Despite such partitioning, the malicious entities continue to successfully exploit the vulnerabilities within the non-privileged components when attempting to access and compromise the privileged components.
The code partitioning approach may not be applicable to certain systems, such as enterprise computing systems due to complexity, which may include complex interactions between system components. One example of an enterprise computing system may be a configuration where one or more machines execute programs (e.g., web roles) that manage data stored within a back-end database service and run a presentation layer and scripting subsystem. Complicated data communications between devices within the enterprise computing system render code partitioning impractical.
Although a single machine may be capable of running the web application, the commercial electronic entities often desire cost-effective, scalable computing capabilities in the form of cloud computing services. The commercial electronic entities also desire to be secure from insider attacks by malicious administrators and other entities with full control over a cloud computing environment in addition to external incursions by malicious computers on the pretense of conducting legitimate commerce. The prevalence of such attacks may be linked to occurrences when sensitive information for Internet transactions becomes vulnerable to misappropriation, for example, instances when the sensitive information is maintained in client-server requests/replies (e.g., in plaintext form) that are transmitted via a browser component.