Securing Web servers against insider attack

Too often, "security of Web transactions" reduces to "encryption of the channel" -and neglects to address what happens at the server on the other end. This oversight forces clients to trust the good intentions and competence of the server operator-but gives clients no basis for that trust. In this paper, we apply secure coprocessing and cryptography to solve this real problem in Web technology. We present a vision: using secure coprocessors to establish trusted co-servers at Web servers and moving sensitive computations inside these co-servers; we present a prototype implementation of this vision that scales to realistic workloads; and we validate this approach by building a simple E-voting application on top of our prototype. By showing the real potential of COTS secure coprocessing technology to establish trusted islands of computation in hostile environments-such as at web servers with risk of insider attack-this work also helps demonstrate that "secure hardware" can be more than synonym for "cryptographic accelerator'.