A Blockchain based Witness Model for Trustworthy Cloud Service Level - - PowerPoint PPT Presentation

SLIDE 1

A Blockchain based Witness Model for Trustworthy Cloud Service Level Agreement Enforcement

Huan Zhou, Xue Ouyang, Zhijie Ren, Jinshu Su, Cees de Laat, Zhiming Zhao

Paris 1/May/2019

SLIDE 2

Outline

  • Cloud SLA / Blockchain: background and challenges
  • Witness Model Design and Key Techniques to Ensure Trustworthiness
  • Witness Management and Unbiased Random Selection
  • Payoff Function Design and Nash Equilibrium
  • Witness Audit Mechanism
  • Experimental Study
  • Conclusions

SLIDE 3

What is Cloud SLA?

[Diagram: Cloud Service Provider, Cloud Service Customer, Framework]

Cloud SLA (Service Level Agreement) is a business concept which defines the contractual and financial agreements between the Cloud customer and provider.

SLIDE 4

What is Cloud SLA?

Example: A Cloud customer, C, buys a VM (Virtual Machine), X, from an IaaS Cloud provider, P, for one hour. They make an agreement: in this one hour,

  • If the VM, X, does not crash, C → P 1000 credits. (payment)
  • If the VM, X, crashes, C → P 500 credits. (compensation)

SLIDE 5

What is Cloud SLA?

Provider is in a centralized and dominating position:

  • Less fair;
  • Lack of violation proof;
  • Manual enforcement.

SLIDE 6

What is Cloud SLA?

Centralized provider: less fair; lack of violation proof; manual enforcement.

  • 1. How to ensure the fairness of the provider and customer in the agreement?
  • 2. Who detects and proves the SLA violation, and how?
  • 3. How to automate the process of payment and especially the compensation?

SLIDE 7

Blockchain: decentralized and immutable ledger

  • Blockchain is a technique that lets every participant reach consensus on a decentralized ledger, e.g., through PoW (Proof of Work).
  • Bitcoin is the first-generation application of blockchain, from 2009.

[Diagram: Block 10, Block 11 and Block 12, each holding Prev_Hash, Timestamp, Tx_Root and Nonce; a hash tree (Hash01, Hash23 over Hash0, Hash1, Hash2, Hash3) over transactions Tx0 to Tx3. Transaction view of Tx3: Sender Address, Amount, Receiver Address; Alice and Bob, "transfer x tokens".]

SLIDE 8

Blockchain: smart contract

  • Ethereum is the second-generation blockchain, from 2015.
  • It proposes the EVM (Ethereum Virtual Machine), which is a set of byte values to represent a virtual machine state.
  • Ethereum works as a world-wide computer. The program running on this computer is called a Smart Contract.

[Diagram: Block 10, Block 11 and Block 12, each holding Prev_Hash, Timestamp, Tx_Root and Nonce. Transaction view of Tx3: Sender Address, Interface X, Receiver Address; Alice invokes the Smart Contract. Tx3 moves the EVM from state S to state S’.]

EVM State S: ADDRESS: 741F7A3, BALANCE: 12 ETH, [CODE……..], STORAGE: [0,100,0,A]

EVM State S’: ADDRESS: 741F7A3, BALANCE: 10 ETH, [CODE……..], STORAGE: [0,100,ETH,A]

CODE:

    Withdraw() {
        if (sender.addr == Alice)
            sender.transfer(2);
    }

SLIDE 9

Opportunities: automation

A Cloud customer, C, buys a VM (Virtual Machine), X, from an IaaS Cloud provider, P, for one hour. They make an agreement: in this one hour,

  • If the VM, X, does not crash, C → P 1000 credits. (payment)
  • If the VM, X, crashes, C → P 500 credits. (compensation)

Smart Contract CODE (the customer invokes this Payment interface):

    Payment() {
        if( !X.violated )
            C.transfer(P, 1000)
        else
            C.transfer(P, 500)
    }

SLIDE 10

Challenges: violation detection?

[Diagram: Off-chain Events (e.g. service violation) and On-chain Transactions (e.g. violation detection). Real-world event, e.g. "What is the weather today?": who provides the information and data? Is it trustworthy?]

In the context of Cloud SLA, who can be the judge to convince both the provider and the customer that the service violation really happened? How?

SLIDE 11

Current solution: oracle

Off-chain Events; On-chain Transactions

Who? Oracle: performs as a “Data Carrier”. Is it trustworthy?

Third trusted party; Distributed oracles; Orisi

For oracles:

  • Require them to be independent and trustworthy;
  • No incentive;
  • Consensus issue;

Software Oracle; Hardware Oracle

  • Must trust the third party;
  • Single point of failure;

SLIDE 12

Our proposal: decentralized witness model

[Diagram: Cloud Service Provider, Cloud Service Customer, SLA Smart Contract]

SLIDE 13

Our proposal: decentralized witness model

[Diagram: Cloud Service Provider, Cloud Service Customer, SLA Smart Contract and witnesses w1, w2, …, wN. Labels: "Witness", "report", "violated?", "M-out-of-N reports?"]

SLIDE 14

Our proposal: decentralized witness model

Witness rewards come from the deposit of provider and customer.

[Diagram: Cloud Service Provider, Cloud Service Customer, SLA Smart Contract and witnesses w1, w2, …, wN]

SLIDE 15

How does it work in Cloud SLA

[Workflow diagram. Actors: Cloud Customer, Cloud Provider, Decentralized Witnesses, SLA Smart Contract, Cloud Service. Labelled interactions (steps 1, 2a, 2b, 3a, 3b, 4a, 4b, 5): Off-chain negotiation; Provider provision; Publish Service Detail and Setup SLA; Accept SLA; Test and adopt; Monitor; Report violation; Enforce the corresponding fees (Service Fee, Compensation Fee, Witness Rewards). Legend: Off-chain interaction; On-chain interaction (possible happening).]

SLIDE 16

How does it work in Cloud SLA

How are the witnesses managed and selected so that they are independent? How can the witnesses be motivated to tell the truth about the service violation detection?

SLIDE 17

Decentralized Witnesses Pool

Some deposits are required for resisting Sybil attacks.

[Diagram: Any Blockchain User can "register" with the Witness-Pool Smart Contract to join the Witnesses Pool (U1, U2, …, UT). Each pool entry has an ID and a State:]

  • ID: 0x9a6baf8cb84cc3614f544fbb8c15e89e5a9311f2 State: Online/Offline/…
  • ID: 0x2e5727a1ae83f0c885e62b62b5561a1456b4bb65 State: Online/Offline/…
  • ID: 0x4cee3a18a79ee7ce25f35bb7a8606e3a2131fd82 State: Online/Offline/…

SLIDE 18

Unbiased Random Selection Procedure

[Diagram: Witnesses Pool U1, U2, …, UT (0x9a6baf8cb…, 0x2e5727a1…, 0x4cee3a18…); underlying blockchain with blocks B_i, B_{i+1}, …, B_{i+j}, each holding Prev_Hash, Timestamp, Tx_Root and Nonce, with block hashes labelled H_{i-1}, H_i, H_{i+1}, …, H_{i+j+1}.]

  • 1. Request: the Provider/Customer invokes the Witness-Pool Smart Contract.
  • 2. Wait for j new blocks to be generated.
  • 3. Selection:

    seed = H_{i+1} + H_{i+2} + … + H_{i+j+1}
    FOR
        x = seed % T + 1
        check U_x reputation
        check U_x state (online?)
        seed = Hash(seed)
    END FOR
    RETURN N selected witnesses

Witness Committee (W): w1, w2, …, wN

N > 2
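
The selection procedure above, written out as an added Python example (it is not the project's Solidity code). SHA-256 stands in for the contract's hash function; the pool layout, the `min_reputation` threshold, the duplicate check and the sample block hashes are assumptions made for this example.

```python
import hashlib

def next_seed(seed: int) -> int:
    """seed = Hash(seed); SHA-256 is an assumed stand-in for the contract's hash."""
    return int.from_bytes(hashlib.sha256(seed.to_bytes(32, "big")).digest(), "big")

def select_witnesses(block_hashes, pool, n, min_reputation=0):
    """Pick n witnesses using the hashes of the j blocks generated after the
    request, so the seed is not known to anyone when the request is made."""
    eligible = [u for u in pool if u["online"] and u["reputation"] >= min_reputation]
    if len(eligible) < n:
        raise ValueError("not enough online, reputable witnesses in the pool")
    t = len(pool)
    # seed = H_{i+1} + ... + H_{i+j+1}, wrapped to 256 bits (assumed uint256 arithmetic)
    seed = sum(int(h, 16) for h in block_hashes) % 2**256
    committee = []
    while len(committee) < n:
        u = pool[seed % t]  # the slide uses the 1-based index x = seed % T + 1
        # check U_x reputation, check U_x state, and skip already selected witnesses
        if u["online"] and u["reputation"] >= min_reputation and u["id"] not in committee:
            committee.append(u["id"])
        seed = next_seed(seed)
    return committee

# Constructed sample data: a pool of T = 8 users (U3 and U6 offline) and j = 3 block hashes.
POOL = [{"id": f"U{k}", "online": k % 3 != 0, "reputation": 10 - k} for k in range(1, 9)]
BLOCK_HASHES = ["0x" + hashlib.sha256(f"block-{b}".encode()).hexdigest() for b in (11, 12, 13)]

if __name__ == "__main__":
    print(select_witnesses(BLOCK_HASHES, POOL, n=3, min_reputation=3))
```

Because the result depends only on the block hashes and the pool, anyone can recompute the committee and verify that the requester did not choose it.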

SLIDE 19

Witness-as-a-Game

Strategic Form Game with Complete Information

[Diagram: Cloud Service Provider, Cloud Service Customer, SLA Smart Contract and witnesses w1, w2, …, wN. Labels: "report", "violated?", "M-out-of-N reports?"]

Players: Witness Committee (W)

Actions:

  • $\sigma_k^{(r)}$: $w_k$ Reports the service violation to the smart contract
  • $\sigma_k^{(s)}$: $w_k$ does not report and keeps Silence to the smart contract

$(1 < N/2 < M < N)$

Payoff function $\pi_k(\sigma_k, \sigma_{-k})$: rewards of $w_k$ in this strategy profile

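SLIDE 20

Payoff: witness incentive model

[Diagram: Cloud Service Provider, Cloud Service Customer, SLA Smart Contract and Witness Committee (W) w1, w2, …, wN. Labels: "report", "M-out-of-N reports? $(1 < N/2 < M < N)$"]

Payoff function

$W_{report}: \forall w_k \in W_{report}, \sigma_k = \sigma_k^{(r)}$

$W_{silence}: \forall w_k \in W_{silence}, \sigma_k = \sigma_k^{(s)}$

$|W_{report}| \ge M$ ?

  • yes (violated):
    $\forall w_k \in W_{report}, \pi_k(\sigma_k^{(r)}, \sigma_{-k}) = 10$
    $\forall w_k \in W_{silence}, \pi_k(\sigma_k^{(s)}, \sigma_{-k}) = 0$
  • no (not violated):
    $\forall w_k \in W_{silence}, \pi_k(\sigma_k^{(s)}, \sigma_{-k}) = 1$
    $\forall w_k \in W_{report}, \pi_k(\sigma_k^{(r)}, \sigma_{-k}) = -1$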

SLIDE 21

Proof: Nash Equilibrium

In the witness game, there are two and only two Nash equilibrium points:

  • $\forall w_k \in W, \sigma_k = \sigma_k^{(r)}$
  • $\forall w_k \in W, \sigma_k = \sigma_k^{(s)}$

Take the example of the three-witness game (N = 3, M = 2), with w1: Alice, w2: Bob, w3: Candy. Each cell lists the payoffs of (w1, w2, w3):

| w1: Alice | w3: Candy Report, w2: Bob Report | w3: Candy Report, w2: Bob Silence | w3: Candy Silence, w2: Bob Report | w3: Candy Silence, w2: Bob Silence |
| $\sigma_1^{(r)}$: Report | (10, 10, 10) | (10, 0, 10) | (10, 10, 0) | (-1, 1, 1) |
| $\sigma_1^{(s)}$: Silence | (0, 10, 10) | (1, 1, -1) | (1, -1, 1) | (1, 1, 1) |
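
The equilibrium claim can be checked by brute force. The following Python enumeration is an added example (not from the authors' repository); it uses the payoff values 10, 0, 1 and -1 from the payoff function and goes beyond the three-witness case to other N and M that satisfy 1 < N/2 < M < N.

```python
from itertools import product

REPORT, SILENCE = "r", "s"

def payoffs(profile, m):
    """Payoff of every witness for one strategy profile."""
    violated = profile.count(REPORT) >= m  # M-out-of-N reports reached?
    if violated:
        return tuple(10 if a == REPORT else 0 for a in profile)
    return tuple(-1 if a == REPORT else 1 for a in profile)

def is_nash(profile, m):
    """True if no single witness gains by unilaterally switching its action."""
    base = payoffs(profile, m)
    for k, action in enumerate(profile):
        other = SILENCE if action == REPORT else REPORT
        deviated = profile[:k] + (other,) + profile[k + 1:]
        if payoffs(deviated, m)[k] > base[k]:
            return False
    return True

def nash_equilibria(n, m):
    """Enumerate all 2^n pure strategy profiles and keep the equilibria."""
    if not (1 < n / 2 < m < n):
        raise ValueError("need 1 < N/2 < M < N")
    return [p for p in product((REPORT, SILENCE), repeat=n) if is_nash(p, m)]

if __name__ == "__main__":
    # (3, 2) is the three-witness game; the other pairs are additional checks.
    for n, m in [(3, 2), (5, 3), (7, 5)]:
        print(n, m, ["".join(p) for p in nash_equilibria(n, m)])
```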

SLIDE 22

Reputation: Witness Audit

  • All behaviors of a witness are recorded in the blockchain, so they are trackable and immutable.
  • The audit mechanism is leveraged to calculate the reputation value of a witness.
  • If the reputation of a witness is too low, it will not be selected by the selection algorithm.
  • Malicious or irrational witnesses can be:
    Lazy witness → someone who prefers not to report the violation.

SLIDE 23

Implementation: Ethereum

[Workflow diagram. Actors: Cloud Customer, Cloud Provider, Witnesses Pool, Witness Committee, Witness-Pool Smart Contract, SLA Smart Contract, Cloud Service. Labelled interactions (steps 1, 2, 3, 4a, 4b, 5a, 5b, 6a, 6b, 7): Off-chain negotiation; Provider provision; Generate SLA Smart Contract; Unbiased Random Sortition; Publish Service Detail and Setup SLA; Accept SLA; Test and adopt; Monitor; Report violation; Enforce the corresponding fees (Service Fee, Compensation Fee, Witness Fee). Legend: Off-chain interaction; On-chain interaction (possible happening).]

  • The entire system is implemented based on the two types of smart contracts
  • Leverage Solidity to program smart contracts
  • Code: https://github.com/zh9314/SmartContract4SLA

SLIDE 24

Experimental Study: performance characteristics

  • We deploy the implemented smart contracts on Rinkeby, the test net of the Ethereum blockchain.
  • We test all possible scenarios to exploit and validate the functionality of different interfaces.
  • The gas consumption of an interface determines the transaction fee that must be paid to the miner in Ethereum when invoking that interface.
  • The more complex the interface is, the higher the transaction fee required when it is invoked.

SLIDE 25

Conclusions

  • 1. A decentralized witness model is proposed for Cloud SLA enforcement;
  • 2. Witness-as-a-Game for incentive: in order to maximize the rewards, a witness always has to offer honest monitoring service;
  • 3. The trustworthiness is proved through game theory;
  • 4. A prototype system is fully implemented based on Ethereum blockchain.

SLIDE 26

Future Work

  • Break the limitation of this work: the witness can only provide a Boolean value, “TRUE” or “FALSE”;
  • Further optimize the interface implementation to reduce the gas consumption;
  • Consider some more application scenarios, not only Cloud SLA;
  • Develop user-friendly tools to interact with the smart contract.
SLIDE 27

To the best of our knowledge, this is the first work of trustworthy decentralized oracles based on economic principles (game theory).

SLIDE 28

Backup Slides

Overall Relationship

[Diagram. Actors: Witness, Witness-Pool Smart Contract (WP), SLA Smart Contract (SLA), Provider, Customer. Step labels: 1a, 1b, 2a, 2b, 3a, 3b, 4, 5, 6. Labelled calls:]

  • X→SLA::genSLAContract return: SLA_address
  • P→SLA::requestSortition + P→SLA::sortitionFromWP
  • X→WP::register
  • W→WP::turnOn
  • W→WP::turnOff
  • W→WP::reject
  • W→WP::reverse
  • X→WP::checkWState
  • P→SLA::publishService + P→SLA::setupSLA

SLIDE 29

Backup Slides

Witness-pool Smart Contract Implementation

Witness state transition →

[State diagram. States: Candidate, Offline, Online, Busy. Decision: Confirmation Time Window? (in / out). Labelled transitions:]

  • W→WP::register
  • W→WP::turnOn
  • W→WP::turnOff
  • W→WP::reverse (reputation↓)
  • W→WP::reject
  • W→SLA:witnessRelease
  • SC→WP::release
  • P→SLA::resetSLA

SLIDE 30

Backup Slides

A Specific SLA Smart Contract Implementation

SLA state transition →

[State diagram. Roles: Customer, Provider, Witness. States: Fresh, Init, Active, Violated, Completed. Decisions: Accept Time Window? (in / out); Service Duration End? (in / out); Confirmed? (yes / no). Labelled transitions:]

  • P→setupSLA
  • C→acceptSLA
  • W→reportViolation
  • P→providerEndNSLAandWithdraw
  • C→customerEndVSLAandWithdraw
  • P→resetSLA
  • W→witnessWithdraw
  • P→restartSLA
  • P→setCustomer
  • P→publishService
  • …
  • P→requestSortition
  • P→sortitionFromWP
  • W→witnessConfirm
  • W→witnessRelease
  • P→cancleSLA
  • C→resetWitness