The current Web cache infrastructure, though it has a number of performance benefits, does not address many of the publishers ’ requirements. We argue that web caches should be enhanced to address publishers’ needs. For example, caches will need to log client accesses, run scripts to dynamically produce content, and give publishers QoS guarantees. In this paper, we propose Gemini, a publisher-centric web caching infrastructure. Central to our design is the architectural assumption that the global web cache infrastructure will be heterogeneous, like the Internet itself—caches will belong to many different administrative domains and have different functionalities. The heterogeneous aspect of the infrastructure raises several issues. For example, because caches can alter content, traditional end-to-end security mechanisms can no longer ensure the integrity and authenticity of content. In this paper, we study issues associated with designing such a publish-centric caching infrastructure. In particular, we propose a security architecture that protects publishers and caches from each other in a heterogeneous caching environment. In our design, we ensure that Gemini is incrementally deployable and seamlessly interoperates with the existing caching infrastructure. Along with a system design, we also present experience gained from implementation and preliminary performance results.

The simplicity of HTTP was a major factor in the success of the Web. However, as both the protocol and its uses have evolved, HTTP has grown complex. This complexity results in numerous problems, including confused implementors, interoperability failures, difficulty in extending the protocol, and a long specification without much documented rationale.

Users of publicly accessible information systems are generally heterogeneous and have different needs. The aim of the AVANTI project is to cater to these individual needs by adapting the user interface and the content and presentation of WWW pages to each individual user. The special needs of elderly and handicapped users are also partly considered. A model of the characteristics of user groups and individual users, a model of the usage characteristics of the system, and a domain model are exploited in the adaptation process. This paper describes the detected differing needs of AVANTI users, the kind of adaptations that are currently implemented to cater to these needs, and the system architecture that enables AVANTI to generate user-adapted web pages from distributed multimedia databases. Special attention is given to privacy and security issues which are crucial when personal information about users is at stake. Keywords Adaptive hypermedia, individualization, personalization, disa...

Current approaches to access control on Web servers do not scale to enterprise-wide systems, since they are mostly based on individual users. Therefore, we were motivated by the need to manage and enforce the strong access control technology of RBAC in large-scale Web environments. RBAC is a successful technology that will be a central component of emerging enterprise security infrastructures. Cookies can be used to support RBAC on the Web, holding users' role information. However, it is insecure to store and transmit sensitive information in cookies. Cookies are stored and transmitted in clear text, which is readable and easily forged. In this paper, we describe an implementation of Role-Based Access Control with role hierarchies on the Web by secure cookies. Since a user's role information is contained in a set of secure cookies and transmitted to the corresponding Web servers, these servers can trust the role information in the cookies after cookie-verification proced...

Security and privacy are growing concerns in the Internet community, due to the Internet's rapid growth and the desire to conduct business over it safely. This desire has led to the advent of several proposals for security standards, such as secure IP, secure HTTP, and the Secure Socket Layer. All of these standards propose using cryptographic protocols such as DES and RSA. Thus, the need to use encryption protocols is increasing. Shared-memory multiprocessors make attractive server platforms, for example as secure World-Wide Web servers. These machines are becoming more common, as shown by recent vendor introductions of platforms such as SGI's Challenge, Sun's SPARCCenter, and DEC's AlphaServer. The spread of these machines is due both to their relative ease of programming and their good price/performance. This paper is an experimental performance study that examines how encryption protocol performance can be improved by using parallelism. We show linear speedup for several different ...

We introduce theory generation, a new general-purpose technique for performing automated verification. Theory generation draws inspiration from, and complements, both automated theorem proving and symbolic model checking, the two approaches that currently dominate mechanical reasoning. At the core of this approach is the notion of producing a finite representation of a theory---all the facts derivable from a set of assumptions. We present an algorithm for producing compact theory representations for an expressive class of simple logics. Security-sensitive protocols are widely used today, and the growing popularity of electronic commerce is leading to increasing reliance on them. Though simple in structure, these protocols are notoriously difficult to design properly. Since specifications of these protocols typically involve only a small number of principals, keys, nonces, and messages, and since many properties of interest can be expressed in "little logics" such as the Burro...

Current solutions for providing communication security in network applications allow customization of certain security attributes and techniques, but in limited ways and without the benefit of a single unifying framework. Here, the design of a highly-customizable extensible service called SecComm is described in which attributes such as authenticity, privacy, integrity, and non-repudiation can be customized in arbitrary ways. With SecComm, applications can open secure communication connections in which only those attributes selected from among a wide range of possibilities are enforced, and are enforced using the strength or technique desired. SecComm has been implemented using Cactus, a system for building configurable communication services. In Cactus, different properties and techniques are implemented as software modules called micro-protocols that interact using an event-driven execution paradigm. This non-hierarchical design approach has a high degree of flexibility, ye...

The primary method for protecting networks today is to use a rewall: a boundary separating the protected network from the untrusted Internet. However, these rewalls offer no protection from internal attacks, scale poorly due to limited rewall processing capacity, and do not support mobile computing. Distributing a rewall to each network host avoids many of these problems, but weakens the security guarantees of the network since it places the rewall under the control of the host OS. Leveraging the increasing capability of embedded-VLSI, including network-specific processors, we propose a Network Interface Card (NIC) based distributed rewall. Supporting the same (and more) functions as a centralized rewall, NIC-based rewalls provide significant benefits including: scalability, easier client customization, sharing application/OS state to enable application-level filtering, and the ability to block misbehaving hosts at the source, the host itself. We describe the architecture of a Network Interface Card-based distributed rewall and our implementation, which uses an i960-based NIC and IPsec for management and policy distribution. The rewall currently supports basic packet filtering and some application policies as well as secure policy distribution.

As business is moving from face-to-face trading, mail order, and telephone order to electronic commerce over open networks such as the Internet, crucial security issues are being raised. Whereas Electronic Funds Transfer over financial networks is reasonably secure, securing payments over open networks connecting commercial servers and consumer workstations poses challenges of a new dimension. This article reviews the state of the art in payment technologies, and sketches emerging developments.

Secure transactions form the computational basis for electronic commerce. Many forms of commerce depend upon there being a defined and verifiable relationship between messages in a transaction. We have identified three such relational properties: causality, atomicity and isolation. Causality is a new property. It allows the receiver of a message to deduce and verify the sequence of messages sent and received by the sender prior to that message. In this paper, we present a secure transaction protocol that provides relational properties in addition to the normal properties of secure messages.