Securing Web servers against insider attack

Too often, "security of Web transactions" reduces to "encryption of the channel" - and neglects to address what happens at the server on the other end. This oversight forces clients to trust the good intentions and competence of the server operator - but gives clients no basis for that trust. In this paper, we apply secure coprocessing and cryptography to solve this real problem in Web technology. We present a vision: using secure coprocessors to establish trusted coservers at Web servers and moving sensitive computations inside these co-servers; we present a prototype implementation of this vision that scales to realistic workloads; and we validate this approach by building a simple E-voting application on top of our prototype. By showing the real potential of COTS secure coprocessing technology to establish trusted islands of computation in hostile environments - such as at Web servers with risk of insider attack - this work also helps demonstrate that "secure hardware" can be more than a synonym for "cryptographic accelerator".
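The trust split the abstract describes, as an added example that is not code from the paper or the WebALPS prototype: the Web server host relays only sealed bytes, the session key and the sensitive computation (a vote tally) sit inside a `CoServer` object, and an insider's modification of a relayed ballot fails the integrity check. Stdlib-only Python; the HMAC-based keystream, the class and function names and the ballot format are constructed stand-ins for the real TLS record layer and application protocol.

```python
import hashlib
import hmac
import os

def _keystream(key, nonce, n):
    # Toy keystream (HMAC-SHA256 in counter mode) standing in for the TLS
    # record layer; constructed for illustration only, not a real cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # Encrypt-then-MAC; returns nonce || ciphertext || tag.
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    # Verifies the tag before decrypting; any modification raises ValueError.
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class CoServer:
    # Trusted island: the session key and the vote tally live here, never on the host.
    def __init__(self, session_key):
        self._key, self._tally = session_key, {}

    def handle(self, blob):
        choice = unseal(self._key, blob).decode()
        self._tally[choice] = self._tally.get(choice, 0) + 1
        return seal(self._key, str(sorted(self._tally.items())).encode())

def cast_ballots(choices, insider_tampers=False):
    # Returns (per-ballot responses, count of relayed blobs that expose a plaintext choice).
    key = os.urandom(32)  # assumed: from a TLS handshake that terminates inside the co-server
    coserver, host_log, responses = CoServer(key), [], []
    for choice in choices:
        blob = seal(key, choice.encode())
        host_log.append(blob)  # the untrusted host operator sees only ciphertext
        if insider_tampers:  # an insider alters one ballot byte while relaying it
            blob = blob[:12] + bytes([blob[12] ^ 0x01]) + blob[13:]
        try:
            responses.append(unseal(key, coserver.handle(blob)).decode())
        except ValueError:
            responses.append("rejected")
    leaked = sum(1 for b in host_log if any(c.encode() in b for c in choices))
    return responses, leaked
```

With TLS terminated at the host instead, the same `host_log` would hold the plaintext ballots and the operator could read or rewrite them undetected; that is the gap the co-server closes.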
