WebALPS: Using Trusted Co-Servers to Enhance Privacy and Security of Web Interactions

This report describes a project that aims to fill two gaps in recent security and privacy research. The first gap is {\em trust.} Too often, ``security of Web transactions'' reduces to ``encryption of the channel''---and neglects to address what happens at the server on the other end. This oversight forces clients to trust the good intentions and competence of the server operator---but gives clients no basis for that trust. The second gap is {\em secure coprocessing.} Despite early academic research into the potential of this technology, and the subsequent industrial research that resulted in high-assurance, programmable secure coprocessors as COTS products, many in the computer science community still regard ``secure hardware'' as a synonym for ``cryptographic accelerator.'' This oversight neglects the real potential of COTS secure coprocessing technology to establish trusted islands of computation in hostile environments (e.g., at servers with a risk of insider attack).

The WebALPS project proposes to address both issues by using secure coprocessors to establish trusted third parties at Web servers. Having clients establish an SSL session {\em into} an application running inside the secure hardware at the Web server (instead of just using secure hardware to speed cryptography) provides a systematic way to enhance the security of a broad family of Web-based services---including {\em security against insider attack}---without requiring a substantial change to the currently deployed Web infrastructure.

By: Sean W. Smith

Published as: IBM Research Report RC21851 (2000)
