Securing Web Servers against Insider Attack

Authors

Shan Jiang, Dartmouth College
Sean Smith, Dartmouth College
Kazuhiro Minami Dartmouth College, false

Document Type

Technical Report

Publication Date

7-1-2001

Technical Report Number

TR2001-410

Abstract

Too often, ``security of Web transactions'' reduces to ``encryption of the channel''---and neglects to address what happens at the server on the other end. This oversight forces clients to trust the good intentions and competence of the server operator---but gives clients no basis for that trust. Furthermore, despite academic and industrial research in secure coprocessing, many in the computer science community still regard ``secure hardware'' as a synonym for ``cryptographic accelerator.' This oversight neglects the real potential of COTS secure coprocessing technology to establish trusted islands of computation in hostile environments---such as at web servers with risk of insider attack. In this paper, we apply secure coprocessing and cryptography to solve this real problem in Web technology. We present a vision: using secure coprocessors to establish trusted co-servers at Web servers and moving sensitive computations inside these co-servers. We present a prototype implementation of this vision that scales to realistic workloads. Finally, we validate this approach by building a simple E-voting application on top of our prototype. From our experience, we conclude that this approach provides a practical and effective way to enhance the security of Web servers against insider attack.

Dartmouth Digital Commons Citation

Jiang, Shan; Smith, Sean; and Minami, Kazuhiro Dartmouth College, "Securing Web Servers against Insider Attack" (2001). Computer Science Technical Report TR2001-410. https://digitalcommons.dartmouth.edu/cs_tr/186