Dartmouth College Computer Science
Technical Report series
TR search TR listserv
|By author:||A B C D E F G H I J K L M N O P Q R S T U V W X Y Z|
|By number:||2017, 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000, 1999, 1998, 1997, 1996, 1995, 1994, 1993, 1992, 1991, 1990, 1989, 1988, 1987, 1986|
The client-server model of the Web poses a fundamental trust issue: clients are forced to trust in secrecy and correctness of computation occurring at a remote server of unknown credibility. The current solution for this problem is to use a PKI (Public Key Infrastructure) system and SSL (Secure Sockets Layer) digital certificates to prove the claimed identity of a server and establish an authenticated, encrypted channel between the client and this server. However, this approach does not address the security risks posed by potential malicious server operators or any third parties who may penetrate the server sites.
The WebALPS (Web Applications with Lots of Privacy and Security) approach is proposed to address these weaknesses by moving sensitive computations at server side into trusted co-servers running inside high-assurance secure coprocessors.
In this report, we examine the foundations of the credibility of WebALPS co-servers. Then we will describe our work of designing and building a prototype WebALPS co-server, which is integrated into the widely-deployed, commercial-grade Apache server. We will also present the performance test results of our system which support the argument that WebALPS approach provides a systematic and practical way to address the remote trust issue.
Bibliographic citation for this report: [plain text] [BIB] [BibTeX] [Refer]
Or copy and paste:
Shan Jiang, "WebALPS Implementation and Performance Analysis: Using Trusted Co-servers to Enhance Privacy and Security of Web Interactions." Dartmouth Computer Science Technical Report TR2001-399, June 2001.
Notify me about new tech reports.
Search the technical reports.
To receive paper copy of a report, by mail, send your address and the TR number to reports AT cs.dartmouth.edu
Copyright notice: The documents contained in this server are included by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.
Technical reports collection maintained by David Kotz.