TY - GEN
T1 - Scalable web content attestation
AU - Moyer, Thomas
AU - Butler, Kevin
AU - Schiffman, Joshua
AU - McDaniel, Patrick
AU - Jaeger, Trent
N1 - Copyright: Copyright 2010 Elsevier B.V., All rights reserved.
PY - 2009
Y1 - 2009
N2 - The web is a primary means of information sharing for most organizations and people. Currently, a recipient of web content knows nothing about the environment in which that information was generated other than the specific server from whence it came (and even that information can be unreliable). In this paper, we develop and evaluate the Spork system that uses the Trusted Platform Module (TPM) to tie the web server integrity state to the web content delivered to browsers, thus allowing a client to verify that the origin of the content was functioning properly when the received content was generated and/or delivered. We discuss the design and implementation of the Spork service and its browser-side Firefox validation extension. In particular, we explore the challenges and solutions of scaling the delivery of mixed static and dynamic content using exceptionally slow TPM hardware. We perform an in-depth empirical analysis of the Spork system within Apache web servers. This analysis shows Spork can deliver nearly 8,000 static or over 7,000 dynamic integrity-measured web objects per-second. More broadly, we identify how TPM-based content web services can scale with manageable overheads and deliver integrity-measured content with manageable overhead.
UR - http://www.scopus.com/inward/record.url?scp=77950901995&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77950901995&partnerID=8YFLogxK
U2 - 10.1109/ACSAC.2009.19
DO - 10.1109/ACSAC.2009.19
M3 - Conference contribution
AN - SCOPUS:77950901995
SN - 9780769539195
T3 - Proceedings - Annual Computer Security Applications Conference, ACSAC
SP - 95
EP - 104
BT - 25th Annual Computer Conference Security Applications, ACSAC 2009
T2 - 25th Annual Computer Conference Security Applications, ACSAC 2009
Y2 - 7 December 2009 through 11 December 2009
ER -