OVERSEE: Outsourcing Verification to Enable Resource Sharing in Edge

SLIDE 1

OVERSEE: Outsourcing Verification to Enable Resource Sharing in Edge Environment Reporter: Xiaoqing Cai August 2020

SLIDE 2

From Cloud to Edge

Cloud Computing Edge Computing Low Latency

SLIDE 3

Lack of Resources

Cloud Computing Edge Computing

No More Edge

SLIDE 4

Multi-tenant Data Center

[Figure: three panels, Tenant A, Tenant B, Tenant C]

No Simultaneous Peak

Task Outsourcing

Lessee Lessor

SLIDE 5

Two Basic Properties for Task Outsourcing

Reliability: The outsourced task can be executed correctly, i.e., completely and without modification.

[Figure labels: Traditional; Outsourcing; Unaware; Bad; Innocent; blame; If User receives wrong results]

Performance: Verify that the lessor provides sufficient resources to meet the QoS requirement according to the lease agreement between the data center tenants.

[Figure labels: Save power to make profit; Not enough resources; Untrusted QoS information]

SLIDE 6

OVERSEE


  • Reliability: Report-Proof Mechanism
  • Performance: Sampling-Challenging Mechanism

[Figure labels: Enclave, Report (After Initialization); Enclave, Proof (After Execution); Insert sampling code; Sends sampling requests]

SLIDE 7

What is SGX

Software Guard Extensions (SGX) is a set of instructions that provides protected memory access control on Intel architectures.

[Figure labels: APP; OS; DRAM; Enclave; Create Enclave; load; measure; compare; true; steps ❶ ❷ ❸; Local/Remote attestation; Local/Remote Execution]

SLIDE 8

Report-Proof Mechanism

Reliability

◆ Verify the correctness of the task results

  • I. Redundant calculation
  • II. Non-deterministic results

or

◆ Verify the execution process

  • I. Exploit TEE provided by Intel SGX
  • II. Cannot guarantee the completeness of task execution

[Figure labels: Enclave; Ring 3; Ring 0…; Report]

SLIDE 9

Report-Proof Mechanism

  • ❶ Initialize the enclave
  • ❷ Generate a pair of private key (SK) and public key (PK)
  • ❸ Insert PK in the report and sign with CPU
  • ❹ Execute the task and sampling codes
  • ❺ Sign the proof with SK

Report: PK, CPU Signature

Proof: Task Result Hash, Sample Array, Private key Signature

[Figure labels: Enclave; Code; Data; private; public]

SLIDE 10

Sampling-Challenging Mechanism

Performance: Why not just a monitor process?

[Figure: The external calling mechanism of SGX. Labels: Trusted Part (enclave program); Untrusted Part (operating system); Call Gate; CallTrusted; Process1 (task running); Process2 (QoS monitoring); 1st OCALL ... Ith OCALL ... nth OCALL, each with Save state and Return; 1st SystemCall ... Ith SystemCall ... nth SystemCall (Generate log); file; Trusted?; completed; Return]

SLIDE 11

Sampling-Challenging Mechanism

Performance: Sampling-Challenging Mechanism

[Figure labels: Trusted Part (enclave program); Call Gate; CallTrusted; Process1 (task running) (sampling-codes); 1st sample ... Ith sample ... nth sample; completed; Return; random sample parameter; Generate Report; Generate Proof (Task Result Hash, Sample Array, Private key Signature)]

SLIDE 12

Sampling-Challenging Mechanism

Parties: Lessee, Lessor (Enclave)

  • Send sampling codes
  • Return execution time
  • Satisfy the requirement? If yes, make the lease agreement
  • Send the outsourcing task with inserted sampling codes
  • Return results and certificates (Report, Proof)
  • compare (Proof)

SLIDE 13

Sampling-Challenging Mechanism

  • Problem Definition

[Figure: panels (a), (b), (c); labels: T; b_2, b_3, b_4, b_j; c_2, c_3, c_4, c_5, c_k]

Determine the probability that the cheat can be detected given the sampling time, cheating time and the actual execution time of the outsourced task.

  • Sampling Model
SLIDE 14

Sampling-Challenging Mechanism

  • Theorem
SLIDE 15

Evaluation

Probability of Detecting QoS Degradation

SLIDE 16

Evaluation

Computational Overhead

Environment:

  • A single machine with 16GB DDR4 RAM and Intel Core i7-9750H 2.6GHz with 6 hyper-threaded cores

  • 𝜌 calculation, Bubble Sort and Floyd
SLIDE 17

Thank You!