1 / 22

Verifiable Resource Accounting for Cloud Computing Services

Verifiable Resource Accounting for Cloud Computing Services. Vyas Sekar, Petros Maniatis ISTC for Secure Computing . State of cloud computing today .

peri
Download Presentation

Verifiable Resource Accounting for Cloud Computing Services

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Verifiable Resource Accountingfor Cloud Computing Services Vyas Sekar, Petros Maniatis ISTC for Secure Computing

  2. State of cloud computing today .. As it turns out, Microsoft's doesn't disclose revenues related to its cloud services. And on that matter, it's not alone. Neither do Amazon, Google, or IBM. It's that dreaded time of the month again, the time of the month that we, the 400,000+ Amazon Web Service consumers await with great anticipation / horror. What I'm talking about is the Amazon Web Services Billing Statement sent at beginning of each month. Need stronger, verifiable resource accounting!

  3. Divided opinions on “better accounting” vs. Non-problem Technically “easy” Market forces will solve this! “Obviously” critical problem But, we don’t know how!! Little systematic research on this topic!

  4. Goal of this work • Stimulate active discussion • Our own position: “obviously critical” • Sketch a technical framework for how

  5. Outline • Motivation • Problem definition • Did-I verifiability • Should-I verifiability • Discussion • Ongoing work

  6. Problem Setup Verifier T,R,W,A Task (T) Provider Report (R) Trusted Layer Customer Witness (W) Attribution Model (A) e.g., SLA-like contract

  7. What does verifiability mean? Task,Report,Witness,Attribution (T,R,W,A) Verifier Customer • Did I use the resources billed? • T did physically consume X cycles, Y GB RAM, Z MB bandwidth • Is P double counting or overcharging? 2. Should I have used these resources? e.g., Was it because of poor scheduling by P? Did T consume more due to “contention” with T’ on same CPU?

  8. Outline • Motivation • Problem definition • Did-I verifiability • Should-I verifiability • Discussion • Ongoing work

  9. Did-I Verifiability Provider P C1 R2 R1 T2 T1 C2 • T1, T2 did physically consume X1, X2 cycles • i.e., P is not “double counting” or overcharging

  10. A Clean-slate Solution Task1 Task2 No spurious reports Visibility into low-level Resource 1 Resource 2 “Trusted” Hardware-root-of-trust “Witness”

  11. Challenges with Clean Slate Performance slowdown Task1 Task2 Bandwidth overhead Resource 1 Resource 2 Doesn’t exist yet!

  12. Practical Approximations • Bandwidth overhead  Aggregation • Performance slowdown • Sampling or snapshots • Relaxing hardware dependence • Small instruction stream recorder (not online) • Shim layer for monitoring

  13. Outline • Motivation • Problem definition • Did-I verifiability • Should-I verifiability • Discussion • Ongoing work

  14. Should-I Verifiability Provider P R’ R T Consumer T Ideal Provider P’ • Is R very different from R’ in ideal case? • e.g., is P scheduling/allocating as it promised? • e.g., is R high because of contention?

  15. Clean-slate Should-I Verifier Customer Provider Log of Requests, interrupts Requests Decisions Allocator Allocator Log of Decisions Decisions Interrupts e.g., this is the VMM or cluster scheduler implementing “weighted fair queuing” “Witness”

  16. Challenges with Clean-Slate Leak proprietary logic Verifier Customer Provider Log of Requests, interrupts Requests Decisions Allocator Allocator Log of Decisions Decisions Interrupts Log overhead e.g., locate verifier or agent close to P

  17. Balancing privacy vs accountability Verifier Customer Provider Requests Log of Requests, interrupts Hidden Private Policy Allocator Template Decisions Allocator Template Log of Decisions Decisions Interrupts e.g., Is the provider running a “fair queueing” scheduler? But “weights” are private policy

  18. Alternative “Quantitative” Should-I Leak proprietary logic Verifier Customer Provider Log of Requests, interrupts Requests Decisions Allocator Allocator Allocator Log of Decisions Decisions Task Interrupts Report Very different from SLA verification Not promising lower bound on “resources” Rather computing upper bound on “consumption”

  19. Outline • Motivation • Problem definition • Did-I verifiability • Should-I verifiability • Discussion • Ongoing work

  20. Discussion • Provider incentives • More adoption to avoid underutilization • Less conservative in accounting • Prevent customers from gaming the system • Why markets may not suffice? • Infrastructure  few players • Cost of migrating is non-trivial • Relaxing provider assistance • Resource prediction or collaborative inference

  21. Summary • Honeymoon phase for cloud is over Need stronger verifiable accounting • Benefits to consumers & providers • Side benefit: may encourage better practices • Sketch a framework, potential solutions • Did-Iand Should-Iverifiability • Working toward a practical realization

More Related