Do You Get What You Pay For? Using Proof-of-Work Functions to Verify Performance Assertions in the Cloud

Abstract

In the Cloud, the operators usually offer resources on a pay per use price model. The client gets access to a newly created virtual machine and has no direct access to the underlying hardware. Therefore, the client cannot verify whether the Cloud operator provides the negotiated amount of resources or only a fraction thereof. Especially, the assigned share of CPU time can be easily forged by the operator. The client could use a normal benchmark to verify the performance of his virtual machine. However, as the Cloud operator owns the underlying infrastructure, the operator could also tamper with the benchmark execution. We identified four attack vectors to modify the results of the benchmark. Based on these attack vectors, we showed that using proof-of-work functions can disable three of them. Proof-of-work functions are challenge response systems, where it is simple to generate a challenge and verify the result while solving the challenge is compute intensive. We implemented three proof-of-work functions in a prototype benchmark. Experiments showed that the runtime of the proof-of-work functions sufficiently relates to the results of the reference benchmark suite SPEC CPU2006.