VeriCount: Verifiable Resource Accounting Using Hardware and Software Isolation

  • Shruti Tople
  • Soyeon Park
  • Min Suk Kang
  • Prateek Saxena
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10892)

Abstract

In cloud computing, where clients are billed based on the consumed resources for outsourced tasks, both the cloud providers and the clients have the incentive to manipulate claims about resource usage. Both desire an accurate and verifiable resource accounting system, which is neutral and can be trusted to refute any disputes. In this work, we present VeriCount—a verifiable resource accounting system coupled with refutable billing support for Linux container-based applications. To protect VeriCount logic, we propose a novel approach called self-accounting that combines hardware-based isolation guarantees from trusted computing mechanisms and software fault isolation techniques. The self-accounting engine in VeriCount leverages security features present in trusted computing solutions, such as Intel SGX, to measure user CPU time, memory, I/O bytes and network bandwidth while simultaneously detecting resource usage inflation attacks. We claim three main results. First, VeriCount incurs an average performance overhead of 3.62% and 16.03% over non-accounting but SGX-compatible applications in hardware and simulation mode respectively. Next, it contributes only an additional 542 lines of code to the trusted computing base. Lastly, it generates highly accurate, fine-grained resource accounting, with no discernible difference to the resource measuring tool available with the OS.

Notes

Acknowledgements

We thank the anonymous reviewers of this paper for their helpful feedback. We also thank Zhenkai Liang, Shweta Shinde, and Loi Luu for useful feedback on an early version of the paper. This research was partially supported by a grant from Singapore Ministry of Education Academic Research Fund Tier 1 (R-252-000-624-133), and the National Research Foundation, Prime Minister's Office, Singapore under its National Cybersecurity R&D Program (TSUNAMi project, No. NRF2014NCR-NCR001-21) and administered by the National Cybersecurity R&D Directorate.

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Shruti Tople (1)
  • Soyeon Park (2)
  • Min Suk Kang (1)
  • Prateek Saxena (1)

  1. National University of Singapore, Singapore, Singapore
  2. Georgia Tech, Atlanta, Georgia
