Abstract
Remote computation has numerous use cases such as cloud computing, client-side web applications or volunteer computing. Typically, these computations are executed inside a sandboxed environment for two reasons: first, to isolate the execution in order to protect the host environment from unauthorised access, and second to control and restrict resource usage. Often, there is mutual distrust between entities providing the code and the ones executing it, owing to concerns over three potential problems: (i) loss of control over code and data by the providing entity, (ii) uncertainty of the integrity of the execution environment for customers, and (iii) a missing mutually trusted accounting of resource usage. In this paper we present AccTEE, a two-way sandbox that offers remote computation with resource accounting trusted by consumers and providers. AccTEE leverages two recent technologies: hardware-protected trusted execution environments, and Web-Assembly, a novel platform independent byte-code format. We show how AccTEE uses automated code instrumentation for fine-grained resource accounting while maintaining confidentiality and integrity of code and data. Our evaluation of AccTEE in three scenarios -- volunteer computing, serverless computing, and pay-by-computation for the web -- shows a maximum accounting overhead of 10%.
Highlights
Offloading computation to remote infrastructure has many use cases with cloud computing, client-side web applications and volunteer computing systems being the most prominent examples
In this paper we present AccTEE, a two-way sandbox that offers accounting of resource usage trusted by workload and infrastructure providers in remote computation scenarios
We describe WebAssembly, which AccTEE employs to sandbox executable code (§ 2.3) and which is instrumented for resource accounting
Summary
Offloading computation to remote infrastructure has many use cases with cloud computing, client-side web applications and volunteer computing systems being the most prominent examples. We describe four use case scenarios that would benefit from trusted resource accounting as offered by AccTEE. They consist of client and server workloads, illustrating AccTEE’s applicability in a range of computing environments. As participants are expected to own vastly different CPU generations, it is impossible to fairly compare the CPU times donated These systems waste resources by executing each task multiple times to ensure result integrity in case a particular client misbehaves (either unintentionally due to a bug or intentionally to cheat). Volunteers have access to the code and data which restricts the eligible workloads to domains where this is acceptable
Sign-in/Register to view highlights & summary 
Published Version (
Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call