@TechReport{Dartmouth:TR2001-410,
  author = {Shan Jiang and Sean Smith and Kazuhiro Minami},
  title = {{Securing Web Servers against Insider Attack}},
  institution = {Dartmouth College, Computer Science},
  address = {Hanover, NH},
  number = {TR2001-410},
  year = {2001},
  month = {July},
  URL = {http://www.cs.dartmouth.edu/reports/TR2001-410.ps.Z},
  abstract = {
      Too often, ``security of Web transactions'' reduces to ``encryption of
    the channel''---and neglects to address what happens at the server on
    the other end.  This oversight forces clients to trust the good
    intentions and competence of the server operator---but gives clients
    no basis for that trust.  Furthermore, despite academic and industrial
    research in secure coprocessing, many in the computer science
    community still regard ``secure hardware'' as a synonym for
    ``cryptographic accelerator.'  This oversight neglects the real
    potential of COTS secure coprocessing technology to establish trusted
    islands of computation in hostile environments---such as at web
    servers with risk of insider attack.
    
      In this paper, we apply secure coprocessing and cryptography to solve
    this real problem in Web technology.  We present a vision: using
    secure coprocessors to establish trusted co-servers at Web servers and
    moving sensitive computations inside these co-servers.  We present a
    prototype implementation of this vision that scales to realistic
    workloads.  Finally, we validate this approach by building a simple
    E-voting application on top of our prototype.
    
      From our experience, we conclude that this approach provides a
    practical and effective way to enhance the security of Web servers
    against insider attack.
  }
}