Summary of: Securing Web Servers against Insider Attack

Contributions:
	This paper took advantage of secure co-processors to provide
users with assurance that web applications respected their interests
even when the web host has potentially conflicting interests without
requiring a trusted third party.

Discussion:
	The secure co-processor provides a mechanism for bootstrapping
trust that can then be used to solve many security problems. If secure
co-processors became common place they could serve as a basis for
computational faucets, for example several programs attempt to use idle
time on networked computers but can not do so with high assurance. It
provides a more general solution as compared with specific algorithms
provided for narrow problems from past papers. 
	There was some discussion about the physical security claims
made by the co-processor. A sophisticated attacker might be able to
launch an attack but it would involve increased difficulty. The group
resolved to investigate this issue further. 
	The limitations of algorithms that are general enough to be
certified were considered. Simple applications can be used to provide a
trusted environment for more sophisticated code and provide assurance
that some correct computation is performed. 
	Some questions arose as to the performance of the system under
more realistic loads. In the short term such performance issues may be
significant but the move from SSL to webALPS compares favorably with the
move from http to SSL and in the long term is just part of the tradeoff
of performance for security.
	Some positive comments were made about their prototype
implementation and use of existing technology such as extending SSL to
the coprocessor. 
	This paper was very well received by the group.