Abstract
Outsourced computation services should ideally only charge customers for the resources used by their applications. Unfortunately, no verifiable basis for service providers and customers to reconcile resource accounting exists today. This leads to undesirable outcomes for both providers and consumers-providers cannot prove to customers that they really devoted the resources charged, and customers cannot verify that their invoice maps to their actual usage. As a result, many practical and theoretical attacks exist, aimed at charging customers for resources that their applications did not consume. Moreover, providers cannot charge consumers precisely, which causes them to bear the cost of unaccounted resources or pass these costs inefficiently to their customers.
We introduce ALIBI, a first step toward a vision for verifiable resource accounting. ALIBI places a minimal, trusted reference monitor underneath the service provider's software platform. This monitor observes resource allocation to customers' guest virtual machines and reports those observations to customers, for verifiable reconciliation. In this paper, we show that ALIBI efficiently and verifiably tracks guests' memory use and CPU-cycle consumption.
- Cloud storage providers need sharper billing metrics. http://www.networkworld.com/news/2011/061711-cloud-storage-providers-need-sharper.html?page=2.Google Scholar
- dm-verity: device-mapper block integrity checking target. http://code.google.com/p/cryptsetup/wiki/DMVerity. Retrieved 2/2013.Google Scholar
- IT Cloud Services User Survey: Top Benefits and Challenges. http://blogs.idc.com/ie/?p=210.Google Scholar
- Service billing is hard. http://perspectives.mvdirona.com/2009/02/16/ServiceBillingIsHard.aspx.Google Scholar
- TPM Main Specification Level 2 Version 1.2, Revision 103 (Trusted Computing Group). http://www.trustedcomputinggroup.org/resources/tpm\_main\_specification/.Google Scholar
- VMWare vCenter Chargeback. http://www.vmware.com/products/vcenter-chargeback/overview.html.Google Scholar
- The Trusted Boot Project (tboot). http://tboot.sourceforge.net/, Sept. 2007.Google Scholar
- G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song. Provable Data Possession at Untrusted Stores. In ACM CCS, 2007. Google ScholarDigital Library
- M. Ben-Yehuda, M. D. Day, Z. Dubitzky, M. Factor, N. Har'El, A. Gordon, A. Liguori, O. Wasserman, and B.-A. Yassour. The Turtles Project: Design and Implementation of Nested Virtualization. In OSDI, 2010. Google ScholarDigital Library
- S. Chen, J. Xu, E. C. Sezer, P. Gauriar, and R. K. Iyer. Non-Control-Data Attacks are Realistic Threats. In USENIX Security, 2005. Google ScholarDigital Library
- Y. Chen, A. Ganapathi, R. Griffith, and R. Katz. The Case for Evaluating MapReduce Performance Using Workload Suites. In Proc. MASCOTS, 2011. Google ScholarDigital Library
- R. Cohen. Navigating the Fog - Billing, Metering and Measuring the Cloud. Cloud computing journal http://cloudcomputing.sys-con.com/node/858723.Google Scholar
- P. Colp, M. Nanavati, J. Zhu, W. Aiello, G. Coker, T. Deegan, P. Loscocco, and A. Warfield. Breaking Up is Hard to Do: Security and Functionality in a Commodity Hypervisor. In SOSP, 2011. Google ScholarDigital Library
- J. Du, N. Sherawat, and W. Zwaenepoel. Performance Profiling in a Virtualized Environment. In Proc. HotCloud, 2010. Google ScholarDigital Library
- U. Erlingsson, M. Abadi, M. Vrable, M. Budiu, and G. C. Necula. XFI: Software Guards for System Address Spaces. In OSDI, 2006. Google ScholarDigital Library
- K. Fu, M. F. Kaashoek, and D. Mazières. Fast and Secure Distributed Read-only File System. ACM TOCS, 20(1), 2002. Google ScholarDigital Library
- A. Gordon, N. Amit, N. Har'El, M. Ben-Yehuda, A. Landau, A. Schuster, and D. Tsafrir. ELI: Bare-Metal Performance for I/O Virtualization. In ASPLOS, 2012. Google ScholarDigital Library
- A. Haeberlen, P. Aditya, R. Rodrigues, and P. Druschel. Accountable Virtual Machines. In OSDI, 2010. Google ScholarDigital Library
- J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten. Lest We Remember: Cold Boot Attacks on Encryption Keys. In USENIX Security, 2008. Google ScholarDigital Library
- O. S. Hofmann, A. M. Dunn, S. Kim, I. Roy, and E. Witchel. Ensuring Operating System Kernel Integrity with OSck. In ASPLOS, 2011. Google ScholarDigital Library
- S. Huang, J. Huang, J. Dai, T. Xie, and B. Huang. The HiBench benchmark suite: Characterization of the MapReduce-based data analysis. In Proc. ICDE Workshops, 2010.Google ScholarCross Ref
- R. Iyer, R. Illikkal, L. Zhao, D. Newell, and J. Moses. Virtual Platform Architectures for Resource Metering in Datacenters. In SIGMETRICS, 2009. Google ScholarDigital Library
- A. Juels and B. S. Kaliski. PORs: Proofs of retrievability for large files. In ACM CCS, 2007. Google ScholarDigital Library
- B. Kauer. OSLO: Improving the Security of Trusted Computing. In USENIX Security, 2007. Google ScholarDigital Library
- A. Kvalnes, D. Johansen, R. van Renesse, F. B. Schneider, and S. V. Valvag. Design Principles for Isolation Kernels. Technical Report 2011-70, Computer Science Department, University of Tromsø, 2011.Google Scholar
- A. Li, X. Yang, S. Kandula, and M. Zhang. CloudCmp: Comparing Public Cloud Providers. In IMC, 2010. Google ScholarDigital Library
- M. Liu and X. Ding. On Trustworthiness of CPU Usage Metering and Accounting. In ICDCS-SPCC, 2010. Google ScholarDigital Library
- M. McIntosh and P. Austel. XML signature Element Wrapping Attacks and Countermeasures. In ACM SWS, 2005. Google ScholarDigital Library
- A. Mihoob, C. Molina-Jimenez, and S. Shrivastava. A Case for Consumer-centric Resource Accounting Models. In Proc. International Conference on Cloud Computing, 2010. Google ScholarDigital Library
- J. C. Mogul. Operating systems should support business change. In HotOS, 2005. Google ScholarDigital Library
- B. Parno. Bootstrapping Trust in a "Trusted" Platform. In HotSec, 2008. Google ScholarDigital Library
- R. A. Popa, J. R. Lorch, D. Molnar, H. J. Wang, and L. Zhuang. Enabling Security in Cloud Storage SLAs with CloudProof. In Proc. USENIX ATC, 2011. Google ScholarDigital Library
- G. Ren, E. Tune, T. Moseley, Y. Shi, S. Rus, and R. Hundt. Google-Wide Profiling: A Continuous Profiling Infrastructure for Data Centers. IEEE Micro, 2010. Google ScholarDigital Library
- K. Ren, C. Wang, and Q. Wang. Security Challenges for the Public Cloud. IEEE Internet Computing, 16(1), 2012. Google ScholarDigital Library
- T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. Hey, You, Get off of my cloud: Exploring Information Leakage in Third-Party Compute Clouds. In ACM CCS, 2009. Google ScholarDigital Library
- R. Russell. virtio: Towards a De-Facto Standard for Virtual I/O Devices. ACM SIGOPS OSR, 42(5), 2008. Google ScholarDigital Library
- R. Sahita. Intel Virtualization Technology Extensions for High Performance Protection Domains. https://intel.activeevents.com/sf12/scheduler/catalog.do, Sept. 2012. Intel Developer Forum 2012, Session ID FUTS003.Google Scholar
- J. Schiffman, T. Moyer, T. Jaeger, and P. McDaniel. Network-Based Root of Trust for Installation. IEEE Security and Privacy, 9(1), 2011. Google ScholarDigital Library
- V. Sekar and P. Maniatis. Verifiable Resource Accounting for Cloud Computing Services. In ACM CCSW, 2011. Google ScholarDigital Library
- A. Seshadri, M. Luk, N. Qu, and A. Perrig. SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes. In SOSP, 2007. Google ScholarDigital Library
- M. A. Shah, M. Baker, J. C. Mogul, and R. Swaminathan. Auditing to Keep Online Storage Services Honest. In HotOS, 2007. Google ScholarDigital Library
- J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, N. Gruschka, and L. Lo Iacono. All Your Clouds are Belong to us -- Security Analysis of Cloud Management Interfaces. In ACM CCSW, 2011. Google ScholarDigital Library
- J. Sugerman, G. Venkitachalam, and B.-H. Lim. Virtualizing I/O Devices on VMware Workstation's Hosted Virtual Machine Monitor. In USENIX ATC, 2001. Google ScholarDigital Library
- V. Varadarajan, B. Farley, T. Ristenpart, and M. M. Swift. Resource-Freeing Attacks: Improve Your Cloud Performance (at Your Neighbor's Expense). In ACM CCS, 2012. Google ScholarDigital Library
- A. Vasudevan, S. Chaki, L. Jia, J. McCune, J. Newsome, and A. Datta. Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework. In IEEE S&P, 2013.Google Scholar
- M. Wachs, L. Xu, A. Kanevsky, and G. R. Ganger. Exertion-based Billing for Cloud Storage Access. In HotCloud, 2011. Google ScholarDigital Library
- A. Wolfe. Intel CTO Envisions On-Chip Data Centers. http://www.informationweek.com/news/global-cio/interviews/showArticle.jhtml?articleID=221900325, Nov. 2009.Google Scholar
- F. Zhang, J. Chen, H. Chen, and B. Zang. CloudVisor: Retrofitting Protection of Virtual Machines in Multi-tenant Cloud with Nested Virtualization. In SOSP, 2011. Google ScholarDigital Library
- Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart. Cross-VM Side Channels and Their Use to Extract Private Keys. In ACM CCS, 2012. Google ScholarDigital Library
- F. Zhou, M. Goel, P. Desnoyers, and R. Sundaram. Scheduler Vulnerabilities and Coordinated Attacks in Cloud Computing. In IEEE NCA, 2011. Google ScholarDigital Library
Index Terms
- Towards verifiable resource accounting for outsourced computation
Recommendations
Towards verifiable resource accounting for outsourced computation
VEE '13: Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environmentsOutsourced computation services should ideally only charge customers for the resources used by their applications. Unfortunately, no verifiable basis for service providers and customers to reconcile resource accounting exists today. This leads to ...
Verifiable resource accounting for cloud computing services
CCSW '11: Proceedings of the 3rd ACM workshop on Cloud computing security workshopCloud computing offers users the potential to reduce operating and capital expenses by leveraging the amortization benefits offered by large, managed infrastructures. However, the black-box and dynamic nature of the cloud infrastructure makes it ...
Verifiable Computation on Outsourced Encrypted Data
Computer Security - ESORICS 2014AbstractOn one hand, homomorphic encryption allows a cloud server to perform computation on outsourced encrypted data but provides no verifiability that the computation is correct. On the other hand, homomorphic authenticator, such as homomorphic ...
Comments