research-article

Towards verifiable resource accounting for outsourced computation

Authors:
Chen Chen

Carnegie Mellon University, Pittsburgh, PA, USA

Carnegie Mellon University, Pittsburgh, PA, USA
View Profile

,
Petros Maniatis

Intel Corporation, Berkeley, CA, USA

Intel Corporation, Berkeley, CA, USA
View Profile

,
Adrian Perrig

Carnegie Mellon University, Pittsburgh, PA, USA

Carnegie Mellon University, Pittsburgh, PA, USA
View Profile

,
Amit Vasudevan

Carnegie Mellon University, Pittsburgh, PA, USA

Carnegie Mellon University, Pittsburgh, PA, USA
View Profile

,
Vyas Sekar

Stony Brook University, Stony Brook, NY, USA

Stony Brook University, Stony Brook, NY, USA
View Profile

Authors Info & Claims

ACM SIGPLAN Notices Volume 48 Issue 7July 2013pp 167–178https://doi.org/10.1145/2517326.2451546

Published:16 March 2013Publication History

ACM SIGPLAN Notices

Abstract

Outsourced computation services should ideally only charge customers for the resources used by their applications. Unfortunately, no verifiable basis for service providers and customers to reconcile resource accounting exists today. This leads to undesirable outcomes for both providers and consumers-providers cannot prove to customers that they really devoted the resources charged, and customers cannot verify that their invoice maps to their actual usage. As a result, many practical and theoretical attacks exist, aimed at charging customers for resources that their applications did not consume. Moreover, providers cannot charge consumers precisely, which causes them to bear the cost of unaccounted resources or pass these costs inefficiently to their customers.

We introduce ALIBI, a first step toward a vision for verifiable resource accounting. ALIBI places a minimal, trusted reference monitor underneath the service provider's software platform. This monitor observes resource allocation to customers' guest virtual machines and reports those observations to customers, for verifiable reconciliation. In this paper, we show that ALIBI efficiently and verifiably tracks guests' memory use and CPU-cycle consumption.

References

Cloud storage providers need sharper billing metrics. http://www.networkworld.com/news/2011/061711-cloud-storage-providers-need-sharper.html?page=2.Google Scholar
dm-verity: device-mapper block integrity checking target. http://code.google.com/p/cryptsetup/wiki/DMVerity. Retrieved 2/2013.Google Scholar
IT Cloud Services User Survey: Top Benefits and Challenges. http://blogs.idc.com/ie/?p=210.Google Scholar
Service billing is hard. http://perspectives.mvdirona.com/2009/02/16/ServiceBillingIsHard.aspx.Google Scholar
TPM Main Specification Level 2 Version 1.2, Revision 103 (Trusted Computing Group). http://www.trustedcomputinggroup.org/resources/tpm\_main\_specification/.Google Scholar
VMWare vCenter Chargeback. http://www.vmware.com/products/vcenter-chargeback/overview.html.Google Scholar
The Trusted Boot Project (tboot). http://tboot.sourceforge.net/, Sept. 2007.Google Scholar
G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song. Provable Data Possession at Untrusted Stores. In ACM CCS, 2007. Google ScholarDigital Library
M. Ben-Yehuda, M. D. Day, Z. Dubitzky, M. Factor, N. Har'El, A. Gordon, A. Liguori, O. Wasserman, and B.-A. Yassour. The Turtles Project: Design and Implementation of Nested Virtualization. In OSDI, 2010. Google ScholarDigital Library
S. Chen, J. Xu, E. C. Sezer, P. Gauriar, and R. K. Iyer. Non-Control-Data Attacks are Realistic Threats. In USENIX Security, 2005. Google ScholarDigital Library
Y. Chen, A. Ganapathi, R. Griffith, and R. Katz. The Case for Evaluating MapReduce Performance Using Workload Suites. In Proc. MASCOTS, 2011. Google ScholarDigital Library
R. Cohen. Navigating the Fog - Billing, Metering and Measuring the Cloud. Cloud computing journal http://cloudcomputing.sys-con.com/node/858723.Google Scholar
P. Colp, M. Nanavati, J. Zhu, W. Aiello, G. Coker, T. Deegan, P. Loscocco, and A. Warfield. Breaking Up is Hard to Do: Security and Functionality in a Commodity Hypervisor. In SOSP, 2011. Google ScholarDigital Library
J. Du, N. Sherawat, and W. Zwaenepoel. Performance Profiling in a Virtualized Environment. In Proc. HotCloud, 2010. Google ScholarDigital Library
U. Erlingsson, M. Abadi, M. Vrable, M. Budiu, and G. C. Necula. XFI: Software Guards for System Address Spaces. In OSDI, 2006. Google ScholarDigital Library
K. Fu, M. F. Kaashoek, and D. Mazières. Fast and Secure Distributed Read-only File System. ACM TOCS, 20(1), 2002. Google ScholarDigital Library
A. Gordon, N. Amit, N. Har'El, M. Ben-Yehuda, A. Landau, A. Schuster, and D. Tsafrir. ELI: Bare-Metal Performance for I/O Virtualization. In ASPLOS, 2012. Google ScholarDigital Library
A. Haeberlen, P. Aditya, R. Rodrigues, and P. Druschel. Accountable Virtual Machines. In OSDI, 2010. Google ScholarDigital Library
J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten. Lest We Remember: Cold Boot Attacks on Encryption Keys. In USENIX Security, 2008. Google ScholarDigital Library
O. S. Hofmann, A. M. Dunn, S. Kim, I. Roy, and E. Witchel. Ensuring Operating System Kernel Integrity with OSck. In ASPLOS, 2011. Google ScholarDigital Library
S. Huang, J. Huang, J. Dai, T. Xie, and B. Huang. The HiBench benchmark suite: Characterization of the MapReduce-based data analysis. In Proc. ICDE Workshops, 2010.Google ScholarCross Ref
R. Iyer, R. Illikkal, L. Zhao, D. Newell, and J. Moses. Virtual Platform Architectures for Resource Metering in Datacenters. In SIGMETRICS, 2009. Google ScholarDigital Library
A. Juels and B. S. Kaliski. PORs: Proofs of retrievability for large files. In ACM CCS, 2007. Google ScholarDigital Library
B. Kauer. OSLO: Improving the Security of Trusted Computing. In USENIX Security, 2007. Google ScholarDigital Library
A. Kvalnes, D. Johansen, R. van Renesse, F. B. Schneider, and S. V. Valvag. Design Principles for Isolation Kernels. Technical Report 2011-70, Computer Science Department, University of Tromsø, 2011.Google Scholar
A. Li, X. Yang, S. Kandula, and M. Zhang. CloudCmp: Comparing Public Cloud Providers. In IMC, 2010. Google ScholarDigital Library
M. Liu and X. Ding. On Trustworthiness of CPU Usage Metering and Accounting. In ICDCS-SPCC, 2010. Google ScholarDigital Library
M. McIntosh and P. Austel. XML signature Element Wrapping Attacks and Countermeasures. In ACM SWS, 2005. Google ScholarDigital Library
A. Mihoob, C. Molina-Jimenez, and S. Shrivastava. A Case for Consumer-centric Resource Accounting Models. In Proc. International Conference on Cloud Computing, 2010. Google ScholarDigital Library
J. C. Mogul. Operating systems should support business change. In HotOS, 2005. Google ScholarDigital Library
B. Parno. Bootstrapping Trust in a "Trusted" Platform. In HotSec, 2008. Google ScholarDigital Library
R. A. Popa, J. R. Lorch, D. Molnar, H. J. Wang, and L. Zhuang. Enabling Security in Cloud Storage SLAs with CloudProof. In Proc. USENIX ATC, 2011. Google ScholarDigital Library
G. Ren, E. Tune, T. Moseley, Y. Shi, S. Rus, and R. Hundt. Google-Wide Profiling: A Continuous Profiling Infrastructure for Data Centers. IEEE Micro, 2010. Google ScholarDigital Library
K. Ren, C. Wang, and Q. Wang. Security Challenges for the Public Cloud. IEEE Internet Computing, 16(1), 2012. Google ScholarDigital Library
T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. Hey, You, Get off of my cloud: Exploring Information Leakage in Third-Party Compute Clouds. In ACM CCS, 2009. Google ScholarDigital Library
R. Russell. virtio: Towards a De-Facto Standard for Virtual I/O Devices. ACM SIGOPS OSR, 42(5), 2008. Google ScholarDigital Library
R. Sahita. Intel Virtualization Technology Extensions for High Performance Protection Domains. https://intel.activeevents.com/sf12/scheduler/catalog.do, Sept. 2012. Intel Developer Forum 2012, Session ID FUTS003.Google Scholar
J. Schiffman, T. Moyer, T. Jaeger, and P. McDaniel. Network-Based Root of Trust for Installation. IEEE Security and Privacy, 9(1), 2011. Google ScholarDigital Library
V. Sekar and P. Maniatis. Verifiable Resource Accounting for Cloud Computing Services. In ACM CCSW, 2011. Google ScholarDigital Library
A. Seshadri, M. Luk, N. Qu, and A. Perrig. SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes. In SOSP, 2007. Google ScholarDigital Library
M. A. Shah, M. Baker, J. C. Mogul, and R. Swaminathan. Auditing to Keep Online Storage Services Honest. In HotOS, 2007. Google ScholarDigital Library
J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, N. Gruschka, and L. Lo Iacono. All Your Clouds are Belong to us -- Security Analysis of Cloud Management Interfaces. In ACM CCSW, 2011. Google ScholarDigital Library
J. Sugerman, G. Venkitachalam, and B.-H. Lim. Virtualizing I/O Devices on VMware Workstation's Hosted Virtual Machine Monitor. In USENIX ATC, 2001. Google ScholarDigital Library
V. Varadarajan, B. Farley, T. Ristenpart, and M. M. Swift. Resource-Freeing Attacks: Improve Your Cloud Performance (at Your Neighbor's Expense). In ACM CCS, 2012. Google ScholarDigital Library
A. Vasudevan, S. Chaki, L. Jia, J. McCune, J. Newsome, and A. Datta. Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework. In IEEE S&P, 2013.Google Scholar
M. Wachs, L. Xu, A. Kanevsky, and G. R. Ganger. Exertion-based Billing for Cloud Storage Access. In HotCloud, 2011. Google ScholarDigital Library
A. Wolfe. Intel CTO Envisions On-Chip Data Centers. http://www.informationweek.com/news/global-cio/interviews/showArticle.jhtml?articleID=221900325, Nov. 2009.Google Scholar
F. Zhang, J. Chen, H. Chen, and B. Zang. CloudVisor: Retrofitting Protection of Virtual Machines in Multi-tenant Cloud with Nested Virtualization. In SOSP, 2011. Google ScholarDigital Library
Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart. Cross-VM Side Channels and Their Use to Extract Private Keys. In ACM CCS, 2012. Google ScholarDigital Library
F. Zhou, M. Goel, P. Desnoyers, and R. Sundaram. Scheduler Vulnerabilities and Coordinated Attacks in Cloud Computing. In IEEE NCA, 2011. Google ScholarDigital Library

Index Terms

Towards verifiable resource accounting for outsourced computation
1. Security and privacy
  1. Security services
    1. Access control
  2. Systems security
    1. Operating systems security
2. Social and professional topics
  1. Professional topics
    1. Management of computing and information systems
      1. System management
        Technology audits

Recommendations

Towards verifiable resource accounting for outsourced computation
VEE '13: Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments

Outsourced computation services should ideally only charge customers for the resources used by their applications. Unfortunately, no verifiable basis for service providers and customers to reconcile resource accounting exists today. This leads to ...
Read More
Verifiable resource accounting for cloud computing services
CCSW '11: Proceedings of the 3rd ACM workshop on Cloud computing security workshop

Cloud computing offers users the potential to reduce operating and capital expenses by leveraging the amortization benefits offered by large, managed infrastructures. However, the black-box and dynamic nature of the cloud infrastructure makes it ...
Read More
Verifiable Computation on Outsourced Encrypted Data
Computer Security - ESORICS 2014
Abstract
On one hand, homomorphic encryption allows a cloud server to perform computation on outsourced encrypted data but provides no verifiability that the computation is correct. On the other hand, homomorphic authenticator, such as homomorphic ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM SIGPLAN Notices Volume 48, Issue 7
VEE '13
July 2013
194 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/2517326
Issue’s Table of Contents
VEE '13: Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
March 2013
210 pages
ISBN:9781450312660
DOI:10.1145/2451512
General Chair:
Steve Muir
VMware, USA
,
Program Chairs:
Gernot Heiser
NICTA and University of New South Wales, Australia
,
Steve Blackburn
Australian National University, Australia
Copyright © 2013 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 16 March 2013
Check for updates
Author Tags
accounting
cloud computing
metering
resource auditing
Qualifiers
- research-article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 31
  Total Citations
  View Citations
- 479
  Total Downloads
- Downloads (Last 12 months)16
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Towards verifiable resource accounting for outsourced computation

ACM SIGPLAN Notices

Abstract

References

Cited By

Index Terms

Recommendations

Towards verifiable resource accounting for outsourced computation

Verifiable resource accounting for cloud computing services

Verifiable Computation on Outsourced Encrypted Data