Last modified: 08/27/03 12:07:41 PM
S. Jiang, S.W. Smith, K. Minami.
``Securing Web Servers against Insider Attack.''
ACSA/ACM Annual Computer Security Applications Conference.
Too often, "security of Web transactions" reduces to
"encryption of the channel"-and neglects to address what
happens at the server on the other end. This oversight forces
clients to trust the good intentions and competence of the
server operator-but gives clients no basis for that trust. In
this paper, we apply secure coprocessing and cryptography
to solve this real problem in Web technology. We present a
vision: using secure coprocessors to establish trusted coservers
at Web servers and moving sensitive computations
inside these co-servers; we present a prototype implementation
of this vision that scales to realistic workloads; and
we validate this approach by building a simple E-voting application
on top of our prototype.
By showing the real potential of COTS secure coprocessing
technology to establish trusted islands of computation in
hostile environments-such as at web servers with risk of insider
attack-this work also helps demonstrate that "secure
hardware" can be more than synonym for "cryptographic
Preliminary IBM TR