Securing Web servers against insider attack
- 25 August 2005
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
Too often, "security of Web transactions" reduces to "encryption of the channel" - and neglects to address what happens at the server on the other end. This oversight forces clients to trust the good intentions and competence of the server operator - but gives clients no basis for that trust. In this paper, we apply secure coprocessing and cryptography to solve this real problem in Web technology. We present a vision: using secure coprocessors to establish trusted coservers at Web servers and moving sensitive computations inside these co-servers; we present a prototype implementation of this vision that scales to realistic workloads; and we validate this approach by building a simple E-voting application on top of our prototype. By showing the real potential of COTS secure coprocessing technology to establish trusted islands of computation in hostile environments - such as at Web servers with risk of insider attack - this work also helps demonstrate that "secure hardware" can be more than a synonym for "cryptographic accelerator".Keywords
This publication has 5 references indexed in Scilit:
- Verifying and recasting secret ballots in computer networksPublished by Springer Nature ,2006
- WebALPSACM SIGecom Exchanges, 2001
- Building a high-performance, programmable secure coprocessorComputer Networks, 1999
- A practical secret voting scheme for large scale electionsPublished by Springer Nature ,1993
- Secret ballot elections in computer networksComputers & Security, 1991