Securing Web Servers against Insider Attack

New Orleans, Lousiana December 10-December 14

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ACSAC.2001.991542

17th Annual Computer Security Applica ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by S. Jiang Articles by S. Smith Articles by K. Minami

	ASCII Text	x
	S. Jiang, S. Smith, K. Minami, "Securing Web Servers against Insider Attack," Computer Security Applications Conference, Annual, pp. 0265, 17th Annual Computer Security Applications Conference (ACSAC'01), 2001.

	BibTex	x
	@article{ 10.1109/ACSAC.2001.991542, author = {S. Jiang and S. Smith and K. Minami}, title = {Securing Web Servers against Insider Attack}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2001}, isbn = {0-7695-1405-7}, pages = {0265}, doi = {http://doi.ieeecomputersociety.org/10.1109/ACSAC.2001.991542}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Securing Web Servers against Insider Attack SN - 0-7695-1405-7 SP EP A1 - S. Jiang, A1 - S. Smith, A1 - K. Minami, PY - 2001 VL - 0 JA - Computer Security Applications Conference, Annual ER -

S. Jiang, Dartmouth College

S. Smith, Dartmouth College

K. Minami, Dartmouth College

Too often, "security of Web transactions" reduces to "encryption of the channel"-and neglects to address what happens at the server on the other end. This oversight forces clients to trust the good intentions and competence of the server operator-but gives clients no basis for that trust. In this paper, we apply secure coprocessing and cryptography to solve this real problem in Web technology. We present a vision: using secure coprocessors to establish trusted co-servers at Web servers and moving sensitive computations inside these co-servers; we present a prototype implementation of this vision that scales to realistic workloads; and we validate this approach by building a simple E-voting application on top of our prototype.

By showing the real potential of COTS secure coprocessing technology to establish trusted islands of computation in hostile environments-such as at web servers with risk of insider attack-this work also helps demonstrate that "secure hardware" can be more than synonym for "cryptographic accelerator."

Citation:

S. Jiang, S. Smith, K. Minami, "Securing Web Servers against Insider Attack," acsac, pp.0265, 17th Annual Computer Security Applications Conference (ACSAC'01), 2001

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.