Verifiable Resource AccountingChen Chen, Petros Maniatis, Adrian Perrig,

Vyas Sekar, Amit Vasudevan

Problem StatementCan a customer verify she received the resources charged by the service provider, while• remaining close to existing deployment models

Ease of Deployment• requiring minimal trust in the operator’s

infrastructureSmall TCB

• imposing low performance overheadEfficiency

Desired Properties• Image Integrity

Is the provider running the correct VM?

• Customization IntegrityIs the customization legitimate?

• Execution IntegrityProtect VM contents at runtime

• Accounting IntegrityResources (e.g., cycles) are actually consumed

VM Customizer

1. VMImage 3. Guest1 3. Guest2

2. CustomizedImage

CustomizationIntegrity

AccountingIntegrity

ExecutionIntegrity

ImageIntegrity

Client

4. Consumption Report

ProviderTask Lifecycle

Guest OS1 Guest OS2

Alibi Layere.g., minimal KVM

Cloud Hypervisore.g., Xen

Verifiable Resource Accounting (VRA) High-level Design

Provider hypervisor runs nested on top of Alibi (our accounting hypervisor)

Easy to deploy ✓Provider hypervisor needs no modification

Small TCB ✓Only Alibi needs to be trustedAmenable to verification

MotivationOutsourced computation is ubiquitous today (e.g., EC2, Azure, Rackspace).

“Did I get to use the resources I was charged for?”

Current Status and Future Directions• Use nested virtualization in KVM as starting point

• Adding Alibi features to KVM-nesting• Initial measurements show 7% overhead• Efficient ✓

• Modeling the lifecycle formally• Verify high-level system model• Verify that nested-virtualization implementation

matches the model

• Current resources: CPU, memory

• Support for I/O forthcoming

Potential threats • Attackers may modify/take over instances

(e.g., Somorovsky et al. [CCSW ’11])• Provider may customize VM incorrectly

(e.g., Liu and Ding [ICDCS ’11])• Scheduler vulnerabilities in hypervisors

(e.g., Zhou et al. [NCA ’11])• Provider may inflate consumption

(e.g., Liu and Ding [ICDCS ’11])

Task Lifecycle under VRA

Alibi Layer

Cloud HypervisorLaunch image

Measure and verify

• VM image attested before launch

Image Integrity

• Only stock VM device drivers (currently)

Customization Integrity

Alibi Layer

Cloud Hypervisor Guest Page 1

Guest Page 2

• VM is placed in distinct memory pages

• Alibi protects VM memory from hypervisor and other VMs

Execution Integrity

Guest2Guest1 Guest1

Alibi Layer

Cloud Hypervisor

time

• Alibi uses hardware counters to measure resource usage

• Tracks all entry/exits Accounting Integrity

1. Client provides a VM to the provider

2. Cloud provider may customize the VM (e.g., add BIOS, hardware specific optimizations)

3. Cloud provider may multiplex multiple customer VMs on hardware

4. Cloud provider charges by “usage” for different resources