Title | ||
---|---|---|
AUTOCRYPT: enabling homomorphic computation on servers to protect sensitive web content |
Abstract | ||
---|---|---|
Web servers are vulnerable to a large class of attacks which can allow network attacker to steal sensitive web content. In this work, we investigate the feasibility of a web server architecture, wherein the vulnerable server VM runs on a trusted cloud. All sensitive web content is made available to the vulnerable server VM in encrypted form, thereby limiting the effectiveness of data-stealing attacks through server VM compromise. In this context, the main challenge is to allow the legitimate functionality of the untrusted server VM to work. As a step towards this goal, we develop a tool called AutoCrypt, which transforms a subset of existing C functionality in the web stack to operate on encrypted sensitive content. We show that such a transformation is feasible for several standard Unix utilities available in a typical LAMP stack, with no developer effort. Key to achieving this expressiveness over encrypted data, is our scheme to combine and convert between partially-homomorphic encryption (PHE) schemes using a small TCB in the trusted cloud hypervisor. We show that x86 code transformed with AutoCrypt achieves performance that is significantly better than its alternatives (downloading to a trusted client, or using fully-homomorphic encryption). |
Year | DOI | Venue |
---|---|---|
2013 | 10.1145/2508859.2516666 | ACM Conference on Computer and Communications Security |
Keywords | Field | DocType |
encrypted sensitive content,untrusted server vm,encrypted form,web server,sensitive web content,vulnerable server vm,homomorphic computation,encrypted data,web server architecture,vulnerable server,server vm compromise,type system,homomorphic encryption,web security | Trusted client,Internet privacy,Computer science,Computer security,Server,Upload,Encryption,Web service,Web server,Application server,Cloud computing | Conference |
Citations | PageRank | References |
10 | 0.64 | 40 |
Authors | ||
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Shruti Tople | 1 | 48 | 3.44 |
Shweta Shinde | 2 | 173 | 9.15 |
Zhaofeng Chen | 3 | 206 | 8.64 |
Prateek Saxena | 4 | 1915 | 97.73 |