Title :
Securing Web servers against insider attack
Author :
Jiang, Shan ; Smith, Sean ; Minami, Kazuhiro
Abstract :
Too often, "security of Web transactions" reduces to "encryption of the channel" - and neglects to address what happens at the server on the other end. This oversight forces clients to trust the good intentions and competence of the server operator - but gives clients no basis for that trust. In this paper, we apply secure coprocessing and cryptography to solve this real problem in Web technology. We present a vision: using secure coprocessors to establish trusted coservers at Web servers and moving sensitive computations inside these co-servers; we present a prototype implementation of this vision that scales to realistic workloads; and we validate this approach by building a simple E-voting application on top of our prototype. By showing the real potential of COTS secure coprocessing technology to establish trusted islands of computation in hostile environments - such as at Web servers with risk of insider attack - this work also helps demonstrate that "secure hardware" can be more than a synonym for "cryptographic accelerator".
Keywords :
Internet; client-server systems; network servers; security of data; COTS secure coprocessing technology; E-voting application; Web servers; Web technology; cryptography; encryption of channel; hostile environments; insider attack; secure coprocessing; security of Web transactions; trusted coservers; trusted islands of computation; Authentication; Computer science; Computer security; Coprocessors; Cryptography; Educational institutions; Electronic switching systems; Prototypes; Public key; Web server;
Conference_Titel :
Computer Security Applications Conference, 2001. ACSAC 2001. Proceedings 17th Annual
Print_ISBN :
0-7695-1405-7
DOI :
10.1109/ACSAC.2001.991542
