The Community for Technology Leaders
RSS Icon
Issue No.05 - May (2012 vol.61)
pp: 686-699
T. Moyer , MIT Lincoln Lab., Lexington, MA, USA
The web is a primary means of information sharing for most organizations and people. Currently, a recipient of web content knows nothing about the environment in which that information was generated other than the specific server from whence it came (and even that information can be unreliable). In this paper, we develop and evaluate the Spork system that uses the Trusted Platform Module (TPM) to tie the web server integrity state to the web content delivered to browsers, thus allowing a client to verify that the origin of the content was functioning properly when the received content was generated and/or delivered. We discuss the design and implementation of the Spork service and its browser-side Firefox validation extension. In particular, we explore the challenges and solutions of scaling the delivery of mixed static and dynamic content to a large number of clients using exceptionally slow TPM hardware. We perform an in-depth empirical analysis of the Spork system within Apache web servers. This analysis shows Spork can deliver nearly 8,000 static or over 6,500 dynamic integrity-measured web objects per second. More broadly, we identify how TPM-based content web services can scale to large client loads with manageable overheads and deliver integrity-measured content with manageable overhead.
Web services, content management, data integrity, file servers, Internet, online front-ends, program verification, trusted computing, integrity-measured content, scalable Web content attestation, information sharing, Spork system, trusted platform module, Web server integrity state, Web browsers, browser-side Firefox validation extension, mixed static dynamic content, TPM hardware, Apache Web servers, dynamic integrity-measured Web objects per second, TPM-based content Web services, client loads, Web server, Browsers, Cryptography, Hardware, Web pages, scalable attestation., Trusted computing, integrity measurement, web system
T. Moyer, "Scalable Web Content Attestation", IEEE Transactions on Computers, vol.61, no. 5, pp. 686-699, May 2012, doi:10.1109/TC.2011.60
[1] D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk, “Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile,”, May 2008.
[2] D. Eastlake3rd, J. Reagle, and D. Solo, “(Extensible Markup Language) XML-Signature Syntax and Processing,”, Mar. 2002.
[3] DarkAngel, “Mood-NT,” codes.htm .
[4] C. Reis, S.D. Gribble, T. Kohno, and N.C. Weaver, “Detecting In-Flight Page Changes with Web Tripwires,” Proc. Conf. Nat'l Spatial Data Infrastructure (NSDI '08), pp. 31-44, 2008.
[5] J. Marchesini, S. Smith, O. Wild, and R. MacDonald, “Experimenting with TCPA/TCG Hardware, Or: How I Learned to Stop Worrying and Love the Bear,” Tech. Rep. TR2003-476, Dartmouth College, Hanover, NH, 2003.
[6] Trusted Computing Group, “Trusted Platform Module Specifications,” trusted_platform_modulespecifications , 2011.
[7] R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn, “Design and Implementation of a TCG-based Integrity Measurement Architecture,” Proc. USENIX Security Symp., pp. 223-238, Aug. 2004.
[8] C. Lesniewski-Lass and M.F. Kaashoek, “SSL Splitting: Securely Serving Data from Untrusted Caches,” Computer Networks, vol. 48, no. 5, pp. 763-779, Aug. 2005.
[9] A. Seshadri, M. Luk, E. Shi, A. Perrig, L. van Doorn, and P. Khosla, “Pioneer: Verifying Code Integrity and Enforcing Untampered Code Execution on Legacy Systems,” Proc. 20th ACM Symp. Operating Systems Principles (SOSP '05), pp. 1-16, 2005.
[10] G. Mohay and J. Zellers, “Kernel and Shell Based Applications Integrity Assurance,” Proc. Ann. Computer Security Applications Conf. (ACSAC '97), pp. 34-43, Dec. 1997.
[11] P. Iglio, “TrustedBox: A Kernel-Level Integrity Checker,” Proc. Ann. Computer Security Applications Conf. (ACSAC '99), pp. 189-198, Dec. 1999.
[12] N.L. Petroni,Jr., T. Fraser, J. Molina, and W.A. Arbaugh, “Copilot-A Coprocessor-Based Kernel Runtime Integrity Monitor,” Proc. USENIX Security Symp., p. 13, Aug. 2004.
[13] P.A. Loscocco, P.W. Wilson, J.A. Pendergrass, and C.D. McDonell, “Linux Kernel Integrity Measurement Using Contextural Inspection,” Proc. Second ACM Workshop Scalable Trusted Computing (STC '07), pp. 21-29, Nov. 2007.
[14] E. Suh, D. Clarke, B. Gassend, M. van Dijk, and S. Devadas, “AEGIS: Architectures for Tamper-Evident and Tamper-Resistant Processing,” Proc. 17th Int'l Conf. Supercomputing, pp. 160-171, June 2003.
[15] J.G. Dyer, M. Lindemann, R. Perez, R. Sailer, L. van Doorn, S.W. Smith, and S. Weingart, “Building the IBM 4758 Secure Coprocessor,” Computer, vol. 34, no. 10, pp. 57-66, 2001.
[16] T. Jaeger, R. Sailer, and U. Shankar, “PRIMA: Policy-Reduced Integrity Measurement Architecture,” Proc. ACM Symp. Access Control Models and Technologies, (SACMAT '06), June 2006.
[17] cPanel, “Components of Random JavaScript Toolkit Identified,”, Jan. 2008.
[18] “NebuAd,” http:/, 2010.
[19] A. Fox and E.A. Brewer, “Reducing WWW Latency and Bandwidth Requirements by Real-Time Distillation,” Proc. Fifth Int'l World Wide Web Conf. Computer Networks and ISDN Systems, pp. 1445-1456, 1996.
[20] “Ad Muncher: The Ultimate Popup and Advertising Blocker,” http:/, 2010.
[21], “Adware.LinkMaker,” com/security_response writeup.jsp?docid=2005-030218-4635-99 , 2007.
[22], “W32.Arpiframe,” security_response writeup.jsp?docid=2007-061222-0609-99 , 2007.
[23] C. Gaspard, S. Goldberg, W. Itani, E. Bertino, and C. Nita-Rotaru, “Sine: Cache-Friendly Integrity for the Web,” Proc. Fifth IEEE Workshop Secure Network Protocols (NPSec '09). pp. 7-12, 2009.
[24] S. Sedaghat, J. Pieprzyk, and E. Vossough, “On-the-Fly Web Content Integrity Check Boosts Users' Confidence,” Comm. ACM, vol. 45, no. 11, pp. 33-37, 2002.
[25] S. Jiang, S. Smith, and K. Minami, “Securing Web Servers Against Insider Attack,” Proc. 17th Ann. Computer Security Applications Conf. (ACSAC '01), p. 265, 2001.
[26] S. Jiang, “WebALPS Implementation and Performance Analysis: Using Trusted Co-servers to Enhance Privacy and Security of Web Interactions,” Master's thesis, Dartmouth College, Hanover, NH, 2001.
[27] X. Zhang, S. Chen, and R. Sandhu, “Enhancing Data Authenticity and Integrity in p2p Systems,” IEEE Internet Computing, vol. 9, pp. 18-25, 2005.
[28] M. Corporation, “Microsoft Next-Generation Secure Computing Base,” default.mspx, 2010.
[29] M. Noar and K. Nassim, “Certificate Revocation and Certificate Update,” Proc. USENIX Security Symp., pp. 217-228, Jan. 1998.
[30] L. St. Clair, J. Schiffman, T. Jaeger, and P. McDaniel, “Establishing and Sustaining System Integrity via Root of Trust Installation,” Proc. Ann. Computer Security Applications Conf. (ACSAC '07), pp. 19-29, Dec. 2007.
[31] B.C. Neuman and T. Ts'o, “Kerberos: An Authentication Service for Computer Networks,” Proc. IEEE Communications Conf., pp. 33-38, Sept. 1994.
[32] M.T. Goodrich, “Implementation of an Authenticated Dictionary with Skip Lists and Commutative Hashing,” Proc. 2001 DARPA Information Survivability Conf. and Exposition, pp. 68-82, 2001.
[33] R. Merkle, “Protocols for Public Key Cryptosystems,” Proc. IEEE Symp. Research in Security and Privacy, pp. 122-134, Apr. 1980.
[34] “Squid:Optimising Web Delivery,” http:/, 2010.
[35] “PHP: Hypertext Preprocessor,” http:/, Sept. 2008.
[36] M. Corporation, “Active Server Pages,” com/en-us/library aa286483.aspx, 2010.
[37] A. King, “The Average Web Page,” http://www. reviewsaverage-web-page/, 2008.
[38] A. King, “Average Web Page Size Triples Since 2003,” tweakaverage-web-page/, 2008.
[39] T. Moyer, K. Butler, J. Schiffman, P. McDaniel, and T. Jaeger, “Scalable Asynchronous Web Content Attestation,” Tech. Rep. NAS-TR-0095-2008, Network and Security Research Center, Dept. of Computer Science and Eng., Pennslyvania State Univ., University Park, PA, Sept. 2008.
[40] L. Cranor, “Privacy Bird,” http:/, 2010.
[41] S.E. Schechter, R. Dhamija, A. Ozment, and I. Fischer, “The Emperor's New Security Indicators,” Proc. 2007 IEEE Symp. Security and Privacy (SP '07), pp. 51-65, 2007.
[42] Security Space, “Secure Server Survey,” http://www. sdata/200906certca.html, June 2009.
[43] C. Jackson and A. Barth, “ForceHTTPS: Protecting High-Security Web Sites from Network Attacks,” Proc. 17th Int'l Conf. World Wide Web (WWW '08), pp. 525-534, 2008.
[44] J. Schiffman, T. Moyer, H. Vijayakumar, T. Jaeger, and P. McDaniel, “Seeding Clouds with Trust Anchors,” Tech. Rep. NAS-TR-0127-2010, Network and Security Research Center, Dept. Computer Science and Eng., Pennsylvania State Univ., University Park, PA, Apr. 2010.
[45] S. Berger, R. Cáceres, K.A. Goldman, R. Perez, R. Sailer, and L. van Doorn, “vtpm: Virtualizing the Trusted Platform Module,” Proc. 15th Conf. USENIX Security Symp. (USENIX-SS '06), vol. 15, 2006.
[46] J. Schiffman, T. Moyer, C. Shal, T. Jaeger, and P. McDaniel, “Justifying Integrity Using a Virtual Machine Verifier,” Proc. 2009 Ann. Computer Security Applications Conf., ACSAC '09, pp. 83-92, Dec. 2009.
28 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool